Back to skill
Skillv1.0.0
ClawScan security
Json Canvas · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 4, 2026, 6:42 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only helper for creating and editing .canvas JSON files and its requirements and instructions are consistent with that purpose.
- Guidance
- This is an instruction-only skill for editing .canvas JSON files and appears internally consistent. There is no install and it does not request credentials. When using it, be aware that 'file' node examples reference local file paths — if you provide or load a .canvas that points to sensitive files, the agent working on that canvas may read those paths as part of editing/validation. Review any .canvas content before allowing the agent to run and avoid including references to secrets or system files you don't want accessed.
Review Dimensions
- Purpose & Capability
- okName/description match the instructions: SKILL.md describes creating, editing, validating .canvas JSON, ID generation, node/edge formats and examples. Nothing requested (no env vars, no binaries, no installs) is unrelated to that purpose.
- Instruction Scope
- okRuntime instructions focus on reading/parsing/writing .canvas files and validating node/edge IDs and positions. Example file nodes reference local file paths (expected for canvas file format) but instructions do not tell the agent to exfiltrate data or access other unrelated system state.
- Install Mechanism
- okNo install spec and no code files — lowest-risk model: the skill is purely documentation/instructions and does not pull code or write files during install.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. The SKILL.md does reference local file paths only in the context of file-type nodes, which is proportional to editing canvas files.
- Persistence & Privilege
- okalways is false and disable-model-invocation is false (normal). The skill does not request permanent/system-wide privileges or modify other skills' configs.