Skill v1.0.0

ClawScan security

Freelance Proposal Engine · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 13, 2026, 12:29 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions, resource needs, and behavior are coherent with its stated purpose of generating tailored freelance proposals and do not ask for unrelated credentials or installs.
Guidance
This skill appears coherent and low-risk: it only needs the job text or URL and produces proposals. Before enabling, check what runtime permissions the agent will actually grant this skill (especially Bash / file Read/Write and WebFetch): if possible, restrict shell/file access to only the directories you intend to share, and avoid providing sensitive local files. Test the skill with non-sensitive sample job listings first, and review any outgoing web requests or files it writes. If you don't need shell access, prefer a runtime configuration that disables Bash for this skill.

Review Dimensions

Purpose & Capability
ok
The skill asks only to read job descriptions (paste, URL, or file) and fetch public listing pages; those capabilities match the stated purpose. The allowed tools (Read, Write, WebFetch, WebSearch) are appropriate. Note: inclusion of Bash/Grep/Glob is broader than strictly necessary for proposal text generation and may be excessive but is explainable (reading local files, formatting, simple text processing).
Instruction Scope
note
SKILL.md stays on-topic (analyze listing, draft proposal, recommend pricing, provide platform tips). It explicitly allows reading a provided file or fetching a listing URL. It does not instruct the agent to access unrelated system state or secret env vars. However, the header permits powerful tools (Bash, Read, Write, Glob, Grep) which — if the runtime grants them — could access arbitrary local files or run shell commands; the instructions themselves do not justify broad shell access beyond reading a supplied job file.
Install Mechanism
ok
No install spec and no code files (instruction-only), which is lowest-risk: nothing is downloaded or written to disk by an installer.
Credentials
ok
The skill requires no environment variables, credentials, or external service tokens; requested capabilities are proportional to the task.
Persistence & Privilege
ok
always is false and the skill does not request persistent system-wide changes or modify other skills. Autonomous invocation is allowed by default but is not combined with broad credentials or other red flags here.