Skill v0.1.0

ClawScan security

Help And Support · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 9, 2026, 4:48 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requests and instructions match its help-and-support purpose: it only instructs calling the wallet's CLI for help, onboarding, and issue reports and does not ask for unrelated credentials or install anything.
Guidance
This skill appears coherent and low-risk: it only calls your wallet's CLI for help, onboarding, and bug reports. Before installing, confirm that the fdx CLI and the related skills (authenticate, reportIssue, etc.) are from a trusted source (there is no homepage/source URL in the metadata). Avoid including secrets (private keys, seed phrases, API keys) in any bug report descriptions. If you want extra assurance, review the authenticate and reportIssue skill implementations (or their provenance) to confirm how authentication and report submission are handled.

Review Dimensions

Purpose & Capability
ok
Name/description (help, onboarding, report issues) align with the runtime instructions which call fdx CLI subcommands (helpNarrative, onboardingAssistant, reportIssue, getAppVersion) and refer to related agent skills. There are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
ok
SKILL.md confines behavior to running fdx CLI commands and coordinating with other named skills (authenticate, wallet-overview, fund-wallet). It does not instruct reading arbitrary files, other env vars, or exfiltrating data. It does instruct including app version and status in reports (reasonable for bug reports).
Install Mechanism
ok
No install spec and no code files — instruction-only skill. Nothing is downloaded or written to disk by the skill itself.
Credentials
ok
The skill declares no required environment variables, no credentials, and no config paths. The only operational requirement is the fdx CLI and other internal skills, which is proportional to a wallet help/support skill.
Persistence & Privilege
ok
The skill is not marked always:true and model invocation is allowed (the platform default). It does not request persistent system-wide changes or modify other skills' configs.