Skill v1.0.0
ClawScan security
Grit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 5, 2026, 7:03 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions and requirements are internally consistent with its stated purpose of persistent, methodical escalation. It asks for no credentials and installs nothing itself, but it can recommend installing other tools, so enforce SOPs and install-review policies before enabling it.
- Guidance: This skill appears coherent, but it can escalate by installing or using other tools. Before enabling, ensure you have: 1) a clear SOP.md that the agent must read and obey (or deny access if none exists); 2) an install-review / scan pipeline that the agent must run and that requires human approval for new tools or skills from untrusted sources; 3) limits on autonomous installs (consider requiring user confirmation for any install or access to real browser sessions); and 4) logging/notifications for all escalation actions so you can audit what it installed or attached to. If you lack these controls, test the skill in a sandboxed environment first.
Review Dimensions
- Purpose & Capability (ok): Name/description match the SKILL.md: the skill exists to keep trying alternative tools and tactics until a task is solved. It does not declare any unrelated env vars, binaries, or config paths.
- Instruction Scope (note): Instructions allow the agent to research and install new tools/skills and to attach to real browser sessions when needed; this is coherent with the escalation purpose but expands the agent's effective reach and therefore depends on the user's SOP and install-review workflow being enforced.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files — nothing is downloaded or written by the skill itself, which minimizes direct install risk.
- Credentials (ok): The skill declares no required environment variables, credentials, or config paths. It references reading a local SOP.md if present, which is reasonable and scoped to policy enforcement.
- Persistence & Privilege (ok): always is false and the skill does not request persistent/system-wide privileges or to modify other skills. Autonomous invocation is allowed by default (normal for skills) but combined with its ability to install other tools, this increases the importance of install governance.
