Back to skill
Skillv1.0.4
ClawScan security
Decision-Grade Reasoning (DGR) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 11, 2026, 8:54 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only, schema-driven reasoning template that is internally consistent with its stated purpose and requests no unusual privileges or installs.
- Guidance
- This skill is instruction-only and internally consistent: it only formats reasoning into a strict JSON schema and requests no credentials or installs. Before using it, consider: (1) any sensitive or personally identifiable information you include in the question will appear verbatim in the artifact — ensure secure storage and retention policies; (2) for legal/medical/financial or safety-critical decisions rely on human experts (the skill explicitly gates review_required for high-stakes cases); (3) validate produced artifacts against schema.json in your pipeline and spot-check outputs for hallucinated facts or missing clarifications; and (4) test the skill with representative inputs to confirm the agent implements the
Review Dimensions
- Purpose & Capability
- okName/description (produce auditable, schema-valid decision artifacts) aligns with the provided files (SKILL.md, prompt.md, schema.json, examples). No binaries, env vars, or installs are requested — all consistent with an instruction-only formatting/templating skill.
- Instruction Scope
- noteRuntime instructions are narrowly scoped to producing a JSON artifact that conforms to schema.json, asking for clarifications when inputs are missing, and to avoid fabricating sources or chain-of-thought. It also directs generating UUIDs and computing a stable query hash (e.g., sha256 of the user query) — operations that are reasonable but will surface whatever user input is provided. Note: the skill will encode decision content into artifacts, so sensitive inputs become part of that artifact.
- Install Mechanism
- okNo install spec or code artifacts that execute on disk; instruction-only skill — lowest-risk install profile.
- Credentials
- okRequires no environment variables, credentials, or config paths. The lack of requested secrets is proportionate to the described functionality.
- Persistence & Privilege
- okalways:false and normal model invocation behavior. The skill does not request persistent system presence or modify other skills. Users should, however, consider how/where generated artifacts are stored because they may contain sensitive decision data.