Back to skill
Skillv1.0.0
ClawScan security
Research Question Formulator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 25, 2026, 5:32 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requested actions and data access align with its stated purpose (helping shape research questions); it has no installs, no credential requests, and only asks to read user-provided notes/files when available.
- Guidance
- This skill appears to be what it says: a guidance tool for turning topics into research questions. It does not install software or request credentials. Note that the instructions explicitly tell the agent to look for and read local notes/drafts like notes.md, outline.md, or draft.md if they exist — if you have sensitive files in the working directory you do not want the agent to access, move or remove them or run the agent in a clean workspace. If you prefer, provide your topic and any excerpt verbally or paste only the material you want the skill to use.
Review Dimensions
- Purpose & Capability
- okThe name and description (narrowing topics into research questions using a 3-step formula) match the instructions and reference material. There are no unrelated dependencies, binaries, or credentials requested.
- Instruction Scope
- noteInstructions are narrowly focused on diagnosing topics, applying the 3-step formula, and generating question inventories. They do recommend that the agent look for and read user documents in the working directory (e.g., notes.md, outline.md, draft.md) if available — this is coherent given the skill's purpose, but it means the agent will read local user files if they exist.
- Install Mechanism
- okNo install spec or code is included (instruction-only). That minimizes disk writes and remote code execution risk.
- Credentials
- okThe skill requests no environment variables, no credentials, and no config paths. Any access to data is limited to local documents the agent is instructed to read for context, which is proportional to the task.
- Persistence & Privilege
- okalways is false and the skill does not request persistent/system-wide privileges. It does require standard read/write tools for handling user-provided text, which is appropriate for an authoring assistant.