Skill v1.0.0
ClawScan security
Visitor Pattern Implementor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 10, 2026, 11:25 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This is an instruction-only skill that provides implementation guidance for the Visitor design pattern and its requirements are consistent with that purpose.
- Guidance: This skill is purely instructional and coherent for implementing the Visitor pattern. Before installing, confirm what the platform 'tools' (TodoWrite, Read, Edit, Grep) will be allowed to access; they typically need read/write access to your repository or workspace to follow the steps. Also follow the advice in the SKILL.md: run the stability test on your element hierarchy first (if element types change frequently, do not apply Visitor). If you have any concerns about tool permissions, restrict them or run the instructions manually in a controlled environment.
Review Dimensions
- Purpose & Capability: ok. Name, description, and declared dependency (behavioral-pattern-selector) align with a design-pattern guidance skill. There are no unexpected binaries, credentials, or unrelated dependencies.
- Instruction Scope: ok. SKILL.md contains developer-facing steps, sample code, and a decision checklist limited to the codebase and pattern selection. It does not instruct reading system secrets, contacting external endpoints, or accessing unrelated system paths. It does request using tools like TodoWrite/Read/Edit, which is appropriate for tracking and editing the code.
- Install Mechanism: ok. No install spec and no code files to execute; instruction-only is lowest-risk. Nothing is downloaded or written by an installer.
- Credentials: ok. The skill requires no environment variables, credentials, or config paths. The only permissions implied are to read and edit the user's codebase (via the listed tools), which is proportionate for a coding guidance skill.
- Persistence & Privilege: ok. 'always' is false and the skill does not request persistent system-wide privileges or modifications to other skills. Autonomous invocation is allowed by default but not combined with other high-risk factors.
