Skill v0.1.0

ClawScan security

General Writing · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 16, 2026, 3:21 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
An instruction-only writing skill whose requirements and instructions align with its stated purpose; no installs, credentials, or unexpected privileges are requested.
Guidance
This skill is coherent and low-risk: it's an instruction-only writer that requires no installs or credentials. Before installing, note two practical points: (1) the SKILL.md has a small garbled fragment that should be reviewed or removed; (2) the skill mandates clickable URL footnotes and claims sources must be 'true and real' but gives no verification mechanism — if you need reliable references, ensure the agent has browsing/verification capabilities or manually review the generated citations and links to avoid fabricated sources. Test the skill on example prompts and inspect any URLs it provides. Avoid feeding secrets or private documents to the skill unless you control how references are verified.

Review Dimensions

Purpose & Capability
ok
The name and description ('General Writing') match the SKILL.md instructions: guidance for producing Markdown-format writing with citations, tables, and mermaid graphs. The skill declares no binaries, env vars, or installs, which is proportionate for an instruction-only writer skill.
Instruction Scope
note
The runtime instructions are detailed and stay within a writing scope (Markdown-only output, use references, numbered clickable footnotes of the form [Number](URL), tables and mermaid encouraged). Two minor concerns: (1) the SKILL.md contains a garbled fragment ('rrent user query.The other paragraphs are JSON object...') that looks like truncated or leftover text and should be cleaned up; (2) the requirement to produce clickable URL footnotes and to ensure sources are 'true and real' is reasonable, but in practice it can encourage the model to fabricate plausible-looking links if it cannot verify sources. The instructions do not provide a mechanism or tool for verifying source authenticity, so consumers should ensure the agent has browsing/verification capability or review citations manually.
Install Mechanism
ok
No install spec and no code files — instruction-only skill. This is low risk because nothing is written to disk or downloaded during install.
Credentials
ok
The skill requests no environment variables, credentials, or config paths. That is appropriate given the stated functionality.
Persistence & Privilege
ok
'always' is false and model invocation is not disabled (normal). The skill does not request persistent system presence or modifications to other skills/settings.