Back to skill
Skillv1.0.0
ClawScan security
Safe Legacy Editing Discipline · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 29, 2026, 2:50 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only guidance tool for safely editing legacy code and its requirements and instructions align with that purpose.
- Guidance
- This is a coherent, instruction-only skill that will read the code files you point it at and produce a safe-editing plan — it does not ask for credentials or install anything. Before using it, confirm the agent has only the necessary file access (read/edit) you intend to grant, and review the referenced dependency 'legacy-code-change-algorithm' to ensure that skill's behavior (e.g., any shell commands) is acceptable. If you want extra caution, run the guidance manually rather than allowing autonomous agent edits.
Review Dimensions
- Purpose & Capability
- okName, description, and declared inputs (a codebase and a planned change) match the instructions: the skill is purely behavioral guidance for editing untested/legacy code. It does not request unrelated binaries, credentials, or config paths.
- Instruction Scope
- okSKILL.md directs the agent to read target code files, assess test coverage, and produce a scoped editing plan using four disciplines. These actions are appropriate for the stated purpose. It depends on the 'legacy-code-change-algorithm' skill (invocation of another skill) — that dependency is expected but you should review that other skill's instructions before running.
- Install Mechanism
- okNo install spec and no code files — instruction-only skill. Nothing will be downloaded or written to disk by the skill itself.
- Credentials
- okThe skill requests no environment variables, credentials, or special config paths. It does require read/edit access to the codebase (expected and proportionate).
- Persistence & Privilege
- okalways is false and the skill is user-invocable. It does not request permanent presence, nor does it modify other skills or system-wide settings according to the provided metadata.