Back to skill
Skillv1.0.1
ClawScan security
Leadership Prompts · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 22, 2026, 5:28 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is a self-contained, instruction-only prompt library with a simple local Node CLI and no requested credentials or network calls — its requirements and behavior match the stated purpose.
- Guidance
- This skill appears coherent and low-risk: it bundles a prompt JSON file and a tiny Node CLI that only reads that file. Before installing, verify you are comfortable running small local scripts and that the prompts themselves match your organization’s policies. When using prompts with an assistant, avoid inserting real sensitive or personally identifiable information into the {variables} fields unless you trust the execution environment.
Review Dimensions
- Purpose & Capability
- okName/description describe a prompt library for engineering leaders and included files (prompts.json + small Node CLI) directly implement that. Required binary (node) is proportional and expected.
- Instruction Scope
- okSKILL.md only documents using the local CLI and how to fill prompts; runtime instructions do not direct reading of unrelated files, environment variables, or sending data to external endpoints. The CLI reads only prompts.json packaged with the skill.
- Install Mechanism
- okNo install spec is provided (instruction-only style). There is a small JS script bundled; nothing is downloaded from external URLs and no archives are extracted.
- Credentials
- okNo environment variables, credentials, or config paths are requested. The skill operates locally on packaged JSON data.
- Persistence & Privilege
- okalways is false, the skill does not request persistent system presence or modify other skills or system configs. It is a passive library invoked on demand.