Skill v1.0.0

ClawScan security

Legal Compliance Hardened · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 1:41 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's instructions, requirements, and safety guardrails are coherent with its stated purpose as a compliance/DPA review assistant and do not request disproportionate access or installs.
Guidance
This skill appears internally consistent and focused on compliance guidance, but it is not a substitute for qualified legal counsel. Before enabling it in production: (1) verify the author/source and ensure organizational approval, (2) treat outputs as advisory—require review by a lawyer for legal determinations, (3) avoid pasting or uploading sensitive personal data into the skill (it has guardrails but no credentials or install guarantees), and (4) if you allow autonomous agent actions in your environment, audit logs and restrict actions (e.g., deny script execution or external access) according to your security policy.

Review Dimensions

Purpose & Capability: ok
The name and description (GDPR/CCPA/DPA work, DSR handling) match the SKILL.md content. The skill does not request unrelated binaries, environment variables, or credentials and its checklists and workflows align with a legal/compliance review assistant.
Instruction Scope: ok
SKILL.md is instruction-only and provides guidance, checklists, and escalation requirements. It explicitly avoids providing definitive legal advice and refuses to execute scripts or perform system-level operations; it does not instruct reading arbitrary system files or exfiltrating data.
Install Mechanism: ok
No install specification or code files are present (instruction-only). This is the lowest-risk model for skills because nothing is written to disk or fetched at install time.
Credentials: ok
The skill requires no environment variables, credentials, or config paths. There is no apparent need for secrets or external service tokens to perform the documented guidance.
Persistence & Privilege: ok
The skill is not always-enabled and uses default agent invocation settings. It does not request permanent presence or system-wide configuration changes; no privilege escalation indicators are present.