Skill v1.0.0
ClawScan security
Blade Inspection · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 28, 2026, 3:19 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions, required inputs, and lack of installs or credentials are consistent with a visual wind-turbine blade inspection helper.
- Guidance: This skill appears coherent and low-risk, but before using it: (1) provide high-resolution, zone-specific photos and any SCADA event summaries yourself — do not hand over credentials or feeds unless you intend to; (2) treat shutdown or safety recommendations as advisory and confirm with an on-site engineer or OEM specialist before acting; (3) verify any OEM-specific escalation rules or measurement thresholds your organization requires; (4) if you plan to let an agent access SCADA or other operational systems automatically, review that integration separately because the SKILL.md assumes contextual inputs but does not itself implement secure system access.
Review Dimensions
- Purpose & Capability (ok): Name/description match the content of SKILL.md: it focuses on classifying visual damage types and severities and producing a structured report. The skill declares no binaries, installs, or credentials — all consistent with an instruction-only inspection/reporting helper.
- Instruction Scope (note): The instructions stay within blade inspection scope (classify images/findings, apply rules, generate report). They reference external operational data (SCADA vibration/imbalance alarms) and expect high-resolution or zone-specific photos; this is reasonable but implies the user must supply that contextual data. The SKILL.md does not instruct reading system files or automatically fetching SCADA data, which would be out-of-scope — clarify whether the agent will be given SCADA feeds or only user-provided summaries.
- Install Mechanism (ok): No install spec and no code files (instruction-only). This minimizes on-disk execution or third-party downloads and is proportionate for a procedural/reporting skill.
- Credentials (ok): The skill does not request environment variables or credentials. It mentions OEM contact and SCADA signals as contextual inputs but does not ask for secret keys or system access — appropriate for the stated purpose.
- Persistence & Privilege (ok): always is false and the skill does not request persistent system privileges. Autonomous invocation is allowed by platform default but the skill does not request elevated persistence or modify other skills.
