Skill v1.0.0

ClawScan security

Vibe Coding Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 6, 2026, 1:13 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only workflow helper whose requirements and instructions are consistent with its stated purpose and it does not request credentials or install code.
Guidance
This skill is an instruction-only workflow assistant (no downloads, no credentials requested), and appears coherent with its stated purpose. Before enabling: be aware it expects to create/modify project files via your editor integration (Cursor) if you permit that — review any file changes it proposes before applying them. It may ask you to paste full error logs or repository context into the conversation; avoid pasting secrets. If you need stricter guarantees, run its suggestions manually rather than granting automatic edit/commit permissions.

Review Dimensions

Purpose & Capability
ok: Name/description (Vibe Coding 5-phase workflow) matches the SKILL.md content. The skill requests no binaries, env vars, or installs — appropriate for a purely procedural workflow helper.
Instruction Scope
ok: Runtime instructions are limited to guiding conversation, producing/structuring Markdown artifacts, asking the user for logs/requirements, proposing architectures, and using Cursor editing capabilities to create/modify project files. The guidance does not instruct reading unrelated system files, accessing secrets, or sending data to external endpoints.
Install Mechanism
ok: No install spec or code files are present; this is instruction-only so nothing is written to disk by an installer.
Credentials
ok: The skill requests no environment variables, credentials, or config paths. All required inputs are user-provided conversationally (requirements, repo root, error logs).
Persistence & Privilege
ok: always is false and the skill is user-invocable. The SKILL.md suggests the agent should auto-enable upon keywords, which is a behavioral trigger rather than an elevated privilege; there is no request to persist or alter other skills or system-wide settings.