Skillv1.0.0

ClawScan security

Strategic Situation Analyzer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 23, 2026, 3:31 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is an instruction-only classifier for game-theory situations; its declared inputs, references, and runtime instructions are consistent with that purpose and it does not request extra credentials, installs, or system access.
Guidance: This skill is an instruction-only classifier for game-theory situations and appears internally coherent. Recommended precautions before installing: (1) verify the downstream specialized skills (e.g., backward-reasoning-game-solver, nash-equilibrium-analyzer) for any credentials, network calls, or install actions they might require; (2) test the skill with non-sensitive, synthetic scenarios to confirm it only uses conversational inputs and does not attempt to access files or external services; (3) be aware that the skill may route your conversation content to other installed skills — if that concerns you, review those skills' permissions and data-handling policies. Overall, this skill itself does not request secrets or perform disk/network installs.

Review Dimensions

Purpose & Capability: okThe name/description match the actual content: an entry-point that classifies strategic situations and routes to specialist game-theory skills. It declares no binaries, env vars, or config paths and depends only on other strategy skills (backward-reasoning-game-solver, nash-equilibrium-analyzer), which is appropriate for a triage/dispatcher skill.
Instruction Scope: okThe SKILL.md instructs the agent to elicit players, moves, payoffs, timing, and other contextual information from the user — all directly relevant to classification. It does not instruct the agent to read system files, access unrelated environment variables, contact hidden external endpoints, or exfiltrate data. The only tools listed are 'Read' and 'Write' which appear to be agent I/O capabilities for interacting with the user and preparing inputs for downstream skills.
Install Mechanism: okNo install spec and no code files are present. This is the lowest-risk install posture: nothing will be downloaded or written to disk by an installer.
Credentials: okThe skill requires no environment variables, credentials, or config paths. It does depend on other skills for deeper analysis; those downstream skills may have their own requirements and should be reviewed, but this skill itself requests no secrets or unrelated access.
Persistence & Privilege: okThe skill is not marked always:true and uses normal autonomous invocation defaults. It does not request to modify other skills or system-wide settings. Autonomous invocation is allowed by platform default and is not itself a problem here.