Skill v1.0.0

ClawScan security

Nonprofit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 7, 2026, 3:22 PM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's instructions align with nonprofit operations and it requests no extra credentials or installs, but it assumes access to donor/finance data so you should review which connectors and permissions the agent will have before enabling.
Guidance
This skill appears coherent for nonprofit operations and contains no built-in installers or credential requests. Before enabling it: (1) review and limit which external connectors (CRM, accounting, calendar, email) the agent is allowed to use — grant only the minimum permissions needed; (2) confirm where donor PII and financial data will be read/stored and ensure compliance with privacy/finance policies; (3) test in a sandbox environment with mock data before connecting real systems; (4) set explicit safeguards for actions that send donor communications, sign grant agreements, or perform financial operations (require human sign-off); and (5) if you are uncomfortable with autonomous runs accessing sensitive systems, restrict the skill so it must be user-invoked or disable autonomous invocation in your agent settings.

Review Dimensions

Purpose & Capability
ok: Name/description match the SKILL.md content: donor management, grant tracking, volunteer coordination, reporting templates and heartbeat checks. There are no unrelated required binaries, env vars, or install steps; the requested capabilities are coherent for a nonprofit/NGO operations helper.
Instruction Scope
note: SKILL.md instructs the agent to check grant deadlines, donor acknowledgments, pledges, volunteer shifts, board materials and to generate outreach drafts and reports. The instructions are domain-appropriate but somewhat open-ended about data sources (CRM, accounting system, calendars, email). That means the agent will need access to those systems to implement the tasks; the spec itself does not limit which connectors or files to read.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files. This is the lowest-risk delivery method: nothing is written to disk by the skill itself.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. However, many of the actions described imply handling sensitive PII and financial records (donor data, tax receipts, grant agreements); such access would come from platform connectors, not from this skill's declared requirements.
Persistence & Privilege
ok: always is false (normal). disable-model-invocation is false (normal autonomous invocation). No instructions to modify other skills or system-wide settings. Autonomous invocation plus unspecified connectors is a policy/configuration concern but not an intrinsic incoherence in the skill.