Skill v1.0.0
ClawScan security
Code Review Hardened · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 1:41 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary
- The skill's requirements and instructions line up with its stated purpose (code-review guidance); it is instruction-only, requests no credentials, and its allowed tools are reasonable for reviewing and verifying code, though you should be cautious about WebFetch and running shell commands without explicit safeguards.
- Guidance
- This skill is internally consistent and matches its stated purpose, but pay attention to two practical risks before enabling it: (1) WebFetch is allowed — confirm policy or configuration prevents the skill from POSTing repository code or including source in URL/query parameters (SAFETY.md includes guardrails, so ensure your agent enforces them). (2) Bash is allowed — require explicit user confirmation before the agent runs build/test/lint commands or any destructive shell operations. If you will use this in a sensitive codebase, restrict or audit WebFetch usage and require explicit prompts/consent before running commands that modify the repo.
Review Dimensions
- Purpose & Capability: ok. Name/description (comprehensive code review across many languages) matches what the skill requests and instructs: it is an instruction-only reviewer that relies on repository-reading, grep/glob, running lint/test/build via Bash, and consulting documentation via WebFetch. There are no unrelated environment variables, binaries, or install steps requested.
- Instruction Scope: note. SKILL.md stays on-topic for code review (context gathering, high-level and line-by-line review, checklists, language-specific guidance). It declares allowed tools including Read/Grep/Glob/Bash/WebFetch. That is reasonable for a reviewer, but WebFetch and Bash can be used to exfiltrate code or run destructive commands if abused. The SKILL.md itself does not embed a strict prohibition on sending repository content to external endpoints or running destructive commands, but a separate SAFETY.md included with the skill does define guardrails (explicitly forbids posting repo content via WebFetch and forbids destructive/auto-remediation without explicit permission).
- Install Mechanism: ok. No install spec and no code files that execute; this is an instruction-only skill. Installation carries minimal risk because nothing is written to disk or downloaded at install time.
- Credentials: ok. The skill requests no environment variables, no credentials, and no config paths. This is proportionate for a code-review assistant and avoids unnecessary access to secrets or cloud services.
- Persistence & Privilege: ok. always:false (not force-included), and the skill does not request persistent system-level configuration or modify other skills. Autonomous invocation is allowed (the default), which is normal; there is no 'always' privilege or other elevated persistence.
