Skill v1.0.0
ClawScan security
Duplication Removal Via Extraction · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 1:48 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only refactoring helper that asks for access to a codebase and tests and does not request unrelated credentials, installs, or system-wide privileges — the requirements align with its stated purpose.
- Guidance: This skill is coherent and instruction-only: it will read and edit your codebase and run tests. Before using it, ensure (1) you grant it access only to the intended repository, (2) you run tests in a safe environment (sandbox/CI) because tests execute project code, (3) you have a backup or commit point to revert changes, and (4) you are comfortable letting the agent run the dependent 'characterization-test-writing' skill if tests are missing. No credentials or external installs are required; review edits before committing.
Review Dimensions
- Purpose & Capability (ok): Name, description, and declared inputs (codebase + tests) match the instructions: the skill is about identifying duplicated fragments, extracting methods/utilities, and pulling up shared code. Required tools (Read, Grep, Edit, Bash) are appropriate and proportional for a code-refactoring workflow.
- Instruction Scope (ok): SKILL.md stays on-topic: it directs the agent to locate duplicated code, verify/author characterization tests, run the test suite, extract/replicate methods, and introduce shared structures. It does not instruct reading unrelated system files, exfiltrating data, or calling external endpoints. Note: running the project's test suite executes project code — run in a safe/sandboxed environment if you have concerns.
- Install Mechanism (ok): No install spec or code files — it's instruction-only. Nothing will be downloaded or written by an installer as part of a skill install, which minimizes supply-chain risk.
- Credentials (ok): The skill declares no required environment variables, credentials, or config paths. The absence of extra secrets is proportionate to a refactoring guide that only needs repository access.
- Persistence & Privilege (ok): always:false and normal model invocation are used. The skill does not request permanent presence or modify other skills or system-wide agent settings. It will edit files in the provided codebase as expected for refactoring tasks.
