Skill v4.9.0
ClawScan security
Skill Provenance · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 8, 2026, 10:01 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files, scripts, and runtime instructions are consistent with a version-tracking/packaging metaskill for Agent Skills bundles and do not request unrelated credentials or network installs.
- Guidance: This bundle appears coherent and low-risk: it only operates on local bundle files, performs SHA-256 checks, and creates derived install copies. Before using: (1) review package.sh and validate.sh (they will copy and may rewrite MANIFEST.yaml and derived SKILL.md), (2) run validate.sh in verify mode first (no --update) to see mismatches, (3) operate on a local copy or back up the bundle before allowing automatic updates, and (4) avoid running these scripts against untrusted bundles unless you inspect those bundles first. The skill does not request credentials or perform network calls.
Review Dimensions
- Purpose & Capability: ok. The name/description (version tracking, manifest, changelog, packaging) match the provided artifacts: SKILL.md, MANIFEST.yaml, CHANGELOG.md, evals, and two shell helpers (package.sh and validate.sh) that implement packaging and hash verification. Nothing requested or included is out of scope for a provenance/packaging tool.
- Instruction Scope: ok. SKILL.md instructs the agent to inventory, add version headers where appropriate, create/maintain MANIFEST.yaml and CHANGELOG.md, and package derived copies. These actions require read/write access to the bundle files, and the scripts likewise operate on bundle files; that is expected. There are no instructions to read unrelated system files or secrets, or to contact phone-home endpoints.
- Install Mechanism: ok. No install spec or remote downloads are present; this is instruction-only with local, zero-dependency shell helpers. No archive downloads, URL-based installs, or external package pulls are used.
- Credentials: ok. The skill declares no required environment variables, credentials, or external config paths. The included scripts rely only on common local utilities (shasum/sha256sum, awk, cp, mktemp) consistent with their purpose.
- Persistence & Privilege: note. The skill does not request always:true or system-wide privileges. However, the runtime model and helper scripts intentionally read and modify bundle files (they can rewrite SKILL.md in derived copies and update MANIFEST.yaml when hashes change). This is expected behavior for packaging/validation but means you should permit the agent to edit only bundles you trust or work on a copy.
