Skill v1.1.0
ClawScan security
YES.md 中文版 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 11, 2026, 11:05 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only governance/checklist skill for evidence-driven debugging and safe changes; its requirements and behavior align with its stated purpose.
- Guidance
- This skill is a governance/checklist (evidence-first debugging, backups, ripple-effect checks) and is internally coherent. It is instruction-only (no install, no secrets requested). However, the instructions assume the agent can run shell commands and read system state (files, env, docker, logs) and call web search; the skill does not enumerate binaries or limit which paths will be read. Before enabling: (1) confirm whether your agent runtime is allowed to execute shell commands or access sensitive files; (2) if you want to restrict file/system access, run this skill in a sandbox or disable autonomous invocation; (3) ensure any WebSearch endpoint the agent uses is acceptable for your data; and (4) test the skill in a non-production environment so its recommended commands and checks behave as you expect.
Review Dimensions
- Purpose & Capability
- ok: The name/description match the SKILL.md content: a governance checklist that enforces evidence-first debugging, backups, impact checks, and verification. It requests no binaries, env vars, or installs — consistent with being an instruction-only guidance skill.
- Instruction Scope
- note: SKILL.md tells the agent to run system inspection and verification commands (examples: cp, curl, cat, grep, lsof, docker/docker-compose checks, env, node -v) and to use WebSearch. That is appropriate for a debugging/governance checklist, but the skill does not declare required binaries or explicitly constrain which system paths may be accessed. Users should expect the agent to attempt reading files and running shell commands when this skill is followed.
- Install Mechanism
- ok: No install spec and no code files, the lowest-risk model: nothing is written to disk by the skill itself.
- Credentials
- note: The skill declares no required environment variables or credentials and explicitly advises not to request secrets. However, its instructions recommend inspecting the runtime environment (env, node -v, which, docker ps). That means the agent may read local environment and system state at runtime even though no env vars are declared; this is consistent with the purpose but worth noting.
- Persistence & Privilege
- ok: always is false, no install or config changes are requested, and the skill does not ask to modify other skills or system-wide settings. Autonomous invocation is allowed by default, which is normal for skills and not flagged here.
