Skill v1.0.0

ClawScan security

Skill Registry | 技能注册表 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 9, 2026, 1:46 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
This is an instruction-only local skill registry that reads and lists local SKILL.md / REGISTRY.md files. Its requirements and instructions are consistent with that purpose.
Guidance
This skill is coherent for managing local skills, but review before applying:
1) Vet every SKILL.md you add to the registry: the registry causes the agent to read and run those workflows, so malicious or sloppy SKILL.md files could perform unwanted actions.
2) Back up RULES.md / AGENTS.md before appending RULES.snippet.md and review the snippet to ensure routing changes are intentional.
3) Prefer specific triggers (avoid overly broad keywords) and test routing in a safe workspace.
4) If you want stronger safety, require user confirmation before the agent auto-executes a matched skill or limit autonomous invocation while you populate and audit skills.

Review Dimensions

Purpose & Capability
ok: Name/description (local registry + trigger-word routing) matches what the skill asks you to do: create/maintain a REGISTRY.md, append routing rules, and have the agent read SKILL.md files to list or route to skills. No unrelated credentials, binaries, or external endpoints are requested.
Instruction Scope
note: SKILL.md instructs the agent to read skills/REGISTRY.md and skills/<name>/SKILL.md and to execute workflows defined there. That is coherent for a registry, but it means the registry will cause the agent to execute whatever is in other SKILL.md files, so those target SKILL.md files must be vetted. It also instructs appending RULES.snippet.md to RULES.md or AGENTS.md (modifying workspace routing rules), which is expected for routing but is a configuration change you should review before applying.
Install Mechanism
ok: No install spec and no code files to write/execute. Instruction-only skill: lowest install risk.
Credentials
ok: The skill requires no environment variables, credentials, or config paths. Requested access is limited to workspace files (REGISTRY.md, RULES.md, SKILL.md), which aligns with its stated purpose.
Persistence & Privilege
note: always is false and the skill is user-invocable; autonomous invocation is allowed (platform default). The instructions recommend modifying workspace-wide rule files (RULES.md/AGENTS.md), which effectively changes routing for the agent. This is within scope, but it is a privilege to change behavior and should be done deliberately and reviewed.