Skill v1.0.0

ClawScan security

Library Seam Wrapper · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 2:50 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill is an instruction-only refactoring helper that reads and edits a codebase to wrap third‑party libraries; its requirements and instructions are consistent with that purpose.
Guidance
This skill is coherent and focused on refactoring code to introduce wrapper interfaces. Before running it, ensure you only grant the agent access to the repository you want modified (use a clone/feature branch), have up‑to‑date version control and CI so you can review/rollback changes, and verify the repository does not contain secrets you don't want inspected. Also review the dependent skill 'seam-type-selector' (declared under depends-on) before allowing autonomous runs, since its behavior can affect what changes are proposed. Finally, require human review of any produced edits (PRs) and run tests in CI before merging.

Review Dimensions

Purpose & Capability
ok: The name/description (wrap libraries to break vendor lock‑in) matches the declared inputs (a codebase) and the runtime tools (Read, Grep, Edit, Bash). There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
ok: SKILL.md describes searching the codebase for imports/usages, designing interfaces, creating adapters, and migrating call sites. The instructions focus on code inventory and edits; they do not direct data to external endpoints or ask for unrelated system files. They do note a C/C++ fallback (Link Substitution) which may require inspecting build files, but that is coherent with the stated fallback.
Install Mechanism
ok: There is no install spec and no code files — instruction-only. This minimizes disk writes and external code execution. No downloads or package installs are requested.
Credentials
ok: The skill requests no environment variables, credentials, or config paths. The tooling it calls (grep, edit) is appropriate for scanning/modifying code and no extra secrets are required by the skill itself.
Persistence & Privilege
ok: 'always' is false and the skill is user‑invocable; autonomous invocation is allowed (platform default) but does not by itself indicate excessive privilege. The skill does not request persistent system modifications or cross‑skill config changes.