Skill v1.0.0
ClawScan security
Client Project Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 13, 2026, 12:28 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requested actions, file paths, and tools match its stated purpose (managing clients, projects, invoices) and it does not request unrelated credentials or installs.
- Guidance: This skill appears coherent and limited to managing local freelance data under ./freelance-data. Before installing, consider: 1) Run it in a dedicated project folder or container so its file reads/writes are contained. 2) Review or create freelance-data/config.json yourself (don’t let the skill auto-read unknown config files). 3) Note that the skill lists Bash as an allowed tool — if your platform lets you restrict tools, only enable the file read/write helpers if you don't want the agent to run arbitrary shell commands. 4) Back up existing data before first run. If you want extra caution, test in an isolated environment (VM/container) first.
Review Dimensions
- Purpose & Capability (ok): The name/description match the runtime instructions: create/read JSON files under ./freelance-data, generate invoices and updates, log time, and display a dashboard. No external services, credentials, or unrelated binaries are required.
- Instruction Scope (note): SKILL.md confines operations to a local directory (./freelance-data) and describes only reading/writing JSON, generating Markdown/HTML invoices, and creating update emails. That scope is appropriate. One note: the skill header lists allowed-tools including Bash, which grants the agent the ability to run arbitrary shell commands; the SKILL.md itself does not instruct accessing system files outside the working directory, but the presence of Bash as an allowed tool increases the runtime capability and should be considered when granting tool permissions.
- Install Mechanism (ok): No install spec and no code files are present; this is instruction-only so nothing is written to disk by an installer. That is the lowest-risk posture for install mechanism.
- Credentials (ok): The skill declares no required environment variables, credentials, or config paths. It optionally reads freelance-data/config.json (local workspace config) for user/business name and payment preferences, which is proportionate to its function.
- Persistence & Privilege (ok): always is false (no forced permanent inclusion). The skill can be invoked autonomously (default platform behavior) but does not request elevated/system-wide privileges or modify other skills' settings.
