Skill v1.0.0
ClawScan security
Seam Type Selector · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 2:50 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and runtime instructions align with its stated purpose (helping a developer choose a seam for testing legacy code); it requests no credentials or installs and only needs read/grep access to a codebase.
- Guidance: This skill appears coherent and reasonable: it will read your repository (uses Read/Grep) to recommend seams and suggests tests or structural changes. Before enabling it, ensure you are comfortable granting the agent read access to the relevant codebase; review any recommended structural edits before applying them. Note that the skill references another capability ('dependency-breaking-technique-executor') that isn't declared — if you rely on automated execution of the recommended technique, verify that supporting skill is available and trusted. There are no declared installs or credentials required, and no scanner matches were found, but also note the skill has no test/evaluation metadata recorded, so validate recommendations on a small example first.
Review Dimensions
- Purpose & Capability (ok): Name, description, and tasks (classify dependency, assess language, recommend seam) match the declared inputs and required tools. Asking for Read/Grep to inspect a codebase is appropriate for this purpose.
- Instruction Scope (ok): SKILL.md instructs the agent to gather language, dependency type, and call-site context from the codebase — all within the skill's stated goal. It does not request unrelated files, credentials, or exfiltration. Note: it references another skill ('dependency-breaking-technique-executor') but does not declare it as a dependency, which may limit automated chaining.
- Install Mechanism (ok): No install spec and no code files — instruction-only skill. This is low risk because nothing is written to disk or downloaded during install.
- Credentials (ok): The skill declares no required environment variables, credentials, or config paths. The lack of secrets is proportional to the task of analyzing a codebase and recommending techniques.
- Persistence & Privilege (ok): 'always' is false and the skill does not request permanent agent-wide privileges. The skill requires read access to a codebase (normal for code-analysis skills). Autonomous invocation is allowed by default but presents no additional red flags here.
