Back to skill
Skillv1.0.9
ClawScan security
Truth Tutor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 16, 2026, 8:49 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions, scope, and requirements align with its stated purpose as a diagnosis-first learning coach and it does not request installs, credentials, or system access.
- Guidance
- This skill appears coherent and low-risk: it only uses its bundled guidance files and asks the user for context. Before installing, consider: (1) the skill's default tone is blunt/strict — if you're sensitive, instruct it to use a softer strictness level or decline to use 'brutal' mode; (2) do not paste private, proprietary, or personally identifying documents into the conversation (the skill asks for paper excerpts and prior answers); (3) because it is instruction-only, there is no hidden install activity or credential requests; (4) test the skill with a non-sensitive example first to verify its behavior and tone. If you need the skill to operate differently (softer voice, safety checks), ensure you include that preference with each request.
Review Dimensions
- Purpose & Capability
- okName/description (diagnose learning gaps and prescribe fixes) match the runtime instructions and included reference files. All declared capabilities are about diagnosing/repairing learning; nothing requires cloud creds, binaries, or unrelated privileges.
- Instruction Scope
- okSKILL.md instructs the agent to collect only user-provided context (topic, what they know, paper/title, prior answers). It references local helper files for taxonomy and templates. There are no instructions to read system files, environment variables, or to call external endpoints.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files; nothing will be written to disk or downloaded during install.
- Credentials
- noteNo environment variables, credentials, or config paths are requested (appropriate). Note: the skill will ask users to paste content such as paper excerpts or prior chat answers — users should avoid sharing sensitive or private data.
- Persistence & Privilege
- okalways is false and the skill does not request persistent system privileges or modify other skills. It allows normal autonomous invocation (platform default), which is expected for a user-invocable coaching skill.