Skill v0.0.9

ClawScan security

buildwright · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 19, 2026, 12:41 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's requirements and runtime instructions are consistent with an autonomous GitHub-centered development workflow; the requested GITHUB_TOKEN and git/gh binaries are proportionate to creating commits and PRs.
Guidance
This skill appears coherent, but it will be able to read and modify whatever repository you run it in and use the provided GITHUB_TOKEN to push branches and create PRs. Before enabling it in a production repo:
1) Prefer a fine‑grained GitHub token limited to a single repository and only the needed permissions (Contents read/write, Pull Requests read/write).
2) Test the skill in a sandbox repository first with BUILDWRIGHT_AUTO_APPROVE unset so it stops for manual approval.
3) Inspect any .buildwright/agents/ prompt files in your repo to confirm they contain only review prompts (no secrets or unexpected instructions).
4) Store the token securely and rotate/revoke it if you stop using the skill.
5) Monitor created branches and PRs until you’re comfortable with its behavior.

Review Dimensions

Purpose & Capability
ok: The skill is an autonomous development pipeline that commits, pushes, and opens PRs; requiring git, gh, and a GITHUB_TOKEN with repo scope matches that stated purpose. Optional scanners (semgrep, gitleaks, trufflehog) are reasonable for the declared security-scan steps.
Instruction Scope
note: SKILL.md explicitly instructs the agent to read the repository, .buildwright prompt files, generate specs, run tests/lints/security scans, and commit/push via gh. Reading the codebase and those workspace files is expected for feature implementation and review, but the agent will have broad read/write access to the repository it runs in — review which repository is used and what files live there before running.
Install Mechanism
ok: Instruction-only skill with no install steps or external downloads; lowest install risk because it doesn't write or execute bundled code. It relies on existing system binaries (git, gh).
Credentials
ok: Only one credential (GITHUB_TOKEN) is required and is the declared primary credential; this matches the need to create branches, push commits, and open PRs. The SKILL.md recommends using a fine-grained token scoped to a single repository, which is appropriate. BUILDWRIGHT_AUTO_APPROVE is non-secret and not required.
Persistence & Privilege
ok: The skill is not marked always:true and does not request modifications to other skills or system-wide settings. It can run autonomously (normal for skills) and will create commits/PRs if allowed — this is expected behavior for a CI/agent that automates development actions.