Skillv1.0.0

ClawScan security

Observer Pattern Implementor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 10, 2026, 8:32 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's requests and runtime instructions are coherent with its stated purpose (refactoring a codebase to implement the Observer pattern); it asks for no credentials or installs and only uses code-reading/writing tools appropriate for the task.
Guidance: This skill appears internally consistent and intended to refactor your code to implement the Observer pattern. Before running it: 1) Make a backup or create a feature branch so you can review changes; 2) Require the agent to produce a diff/PR rather than applying changes directly if you want human review; 3) Ensure automated tests run after the refactor (observer changes can introduce subtle ordering, consistency, or lifetime bugs); 4) Limit the agent's file-write scope to the relevant project directories; 5) Review any produced changes for dangling-reference handling, notification timing, and whether a ChangeManager (more complex) is actually needed. If you want extra assurance, ask the agent to list exactly which files it will modify before applying edits.

Purpose & Capability: okName, description, and declared required tools (Read, Write, TodoWrite, optional Grep/Glob) match an implementation/refactor skill for the Observer pattern. There are no unrelated environment variables, binaries, or install steps requested.
Instruction Scope: okSKILL.md instructs the agent to audit code, define interfaces, implement Attach/Detach/Notify, consider push vs pull, and optionally implement a ChangeManager; it explicitly requires a codebase or detailed design. The instructions require reading and writing the user's codebase (expected for a refactor) but do not direct the agent to read unrelated system files, access secrets, or send data to external endpoints.
Install Mechanism: okNo install spec and no code files to write to disk by the skill itself. This is an instruction-only skill (lowest install risk).
Credentials: okThe skill requires no environment variables, credentials, or config paths. The only required capabilities are code-reading and code-writing tools, which are proportionate to the described refactor task.
Persistence & Privilege: okalways:false (default) and model invocation not disabled — normal for a user-invocable skill. The skill does not request permanent elevated privileges or modification of other skills' configurations.