Skill v98.0.1

ClawScan security

Due Diligence Dataroom · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 17, 2026, 5:22 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only due-diligence / data-room checklist and audit template whose requirements and behavior are consistent with its stated purpose.
Guidance
This is an instruction-only checklist for assembling and auditing a due-diligence data room and appears internally consistent. It will expect you to provide sensitive company documents (financials, contracts, payroll, tax returns, employee data). Before using it, decide where and how you'll share those documents: avoid pasting PII or secrets into public or untrusted chats, confirm who (people/agents) will have access, consider redacting sensitive fields or using secure upload methods, and escalate legal or tax issues to counsel rather than relying on the skill's conclusions. Because the skill is only a template (no code), the main risk is data exposure from how you use it — not from hidden code or installs.

Review Dimensions

Purpose & Capability
ok: Name and description match the SKILL.md. The skill is a guidance/template for organizing and scoring a due-diligence data room; it does not request unrelated credentials, binaries, or installs.
Instruction Scope
note: The instructions ask the agent to produce structured folder layouts, gap reports, and to evaluate sensitive company materials (financials, employee lists, contracts, tax returns). That is expected for a DD tool, but it means the agent will ask for or rely on sensitive documents. The SKILL.md itself does not instruct reading system files or environment variables, but users must avoid pasting or uploading PII/secret documents to untrusted endpoints or agents.
Install Mechanism
ok: No install spec and no code files are present (instruction-only). This minimizes persistence and write-to-disk risk.
Credentials
ok: The skill requires no environment variables, credentials, or config paths. No disproportionate access is requested relative to the stated purpose.
Persistence & Privilege
ok: always:false and normal autonomous invocation are set. The skill does not request persistent or elevated privileges or attempt to modify other skills or system configuration.