Back to skill
Skillv1.0.0
ClawScan security
Sovereign Commit Craft · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMay 1, 2026, 5:58 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5.5
- Summary
- This is an instruction-only writing aid for Git commit messages, changelogs, release notes, and PR descriptions, with no artifact evidence of hidden code, credentials, persistence, or unsafe behavior.
- Guidance
- This skill appears safe for its stated purpose. As with any commit or changelog assistant, avoid pasting secrets, private keys, or sensitive customer data that may appear in diffs.
Review Dimensions
- Purpose & Capability
- okThe stated purpose and provided content consistently focus on analyzing user-supplied diffs, commit lists, and change descriptions to produce conventional commits and release documentation.
- Instruction Scope
- okThe instructions are scoped to formatting, reviewing, and explaining commit messages and release notes; no artifact-backed instruction redirects user goals or requires unsafe tool use.
- Install Mechanism
- okThe registry states this is an instruction-only skill with no install spec, no code files, no required binaries, and no required environment variables.
- Credentials
- okThe skill may work with repository diffs or commit history, which is proportionate to its purpose, and the artifacts do not request broad filesystem access, credentials, or network authority.
- Persistence & Privilege
- okNo persistence, background execution, privilege escalation, credentials, or autonomous mutation of repositories is evidenced in the supplied artifacts.