Skill v1.0.0

ClawScan security

Refactoring Readiness Assessment · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 19, 2026, 7:13 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This is an instruction-only planning skill whose requests and runtime instructions match its stated purpose and do not require credentials, installs, or system access—low risk and internally coherent.
Guidance
This skill is instruction-only and appears internally consistent with its purpose. It does not execute code or request credentials, so risk is low. Practical precautions: avoid pasting secrets (API keys, DB passwords, private certificates) or entire repositories into the chat; provide minimal representative code snippets and test coverage info instead. If you prefer to prevent any autonomous invocation, check your agent's skill-invocation policies before installing. If you need stronger assurance, request a copy of SKILL.md or run the skill in a restricted/testing agent first.

Review Dimensions

Purpose & Capability
ok · Name/description ask for a refactoring readiness assessment; the skill is instruction-only and only requests descriptive inputs about code, tests, deadlines, and constraints. It does not request unrelated credentials, binaries, or installs.
Instruction Scope
ok · SKILL.md confines the agent to interviewing the user, classifying triggers, enumerating constraints, and producing a plan. It explicitly states it will not modify code and does not instruct the agent to read system files, call external endpoints, or access environment variables.
Install Mechanism
ok · No install spec and no code files are present (instruction-only). Nothing will be written to disk or downloaded as part of installation.
Credentials
ok · The skill requires no environment variables, credentials, or config paths. All input is user-supplied contextual text (code descriptions or snippets), which is proportionate to the purpose.
Persistence & Privilege
ok · always is false and there are no special persistence or system-configuration changes requested. The skill can be invoked normally by the agent but does not request persistent privileges.