Back to skill
Skillv1.0.0
ClawScan security
Skylv Log Analyzer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 21, 2026, 1:03 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only log parsing helper whose requested capabilities and instructions are consistent with its stated purpose and do not ask for unrelated credentials or installs.
- Guidance
- This skill is coherent for analyzing logs, but be cautious about what logs you let it read: logs can contain credentials, tokens, IPs, or PII. Before using, (1) only provide the specific log files you want analyzed (avoid giving root/system logs), (2) consider sanitizing or redacting sensitive fields, (3) prefer manual invocation if you do not want autonomous access, and (4) verify outputs before sharing externally. Note that absence of code files means there was nothing for the static scanner to inspect; that reduces install risk but does not automatically protect your log contents.
Review Dimensions
- Purpose & Capability
- okThe name and description (log parsing and summarization) align with the SKILL.md instructions. It asks the agent to read log files (examples: server.log, app.log) and extract timestamps, levels, messages and report counts and anomalies. There are no unrelated required binaries, environment variables, or config paths.
- Instruction Scope
- noteThe instructions explicitly tell the agent how to read logs on Windows and macOS/Linux (type/Get-Content/tail) and how to parse formats. This is appropriate for a log analyzer, but the SKILL.md does not limit which files may be read or warn about sensitive contents. Reading arbitrary logs can expose secrets/PII — the instructions do not advise sanitization or access controls.
- Install Mechanism
- okThere is no install spec and no code files; the skill is instruction-only, which minimizes filesystem persistence and installation risk.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. That is proportionate for a log-only analysis helper.
- Persistence & Privilege
- okThe skill is not forced-always and does not request persistent privileges or modify other skills. Autonomous invocation is allowed by default but is not combined with other concerning privileges.