Skill v1.1.1
ClawScan security
YES.md · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 11, 2026, 11:13 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only governance checklist for safe troubleshooting and changes; its requested actions and scope match its stated purpose and it does not ask for credentials or install components.
- Guidance: This skill is a governance checklist: coherent and focused on safe, evidence-backed changes. It does instruct the agent to run local shell commands and read files when used, so only enable or invoke it where the agent is allowed to access the target environment (preferably a staging sandbox). Because it's instruction-only and has no installs or credential requests, the main risk is operational — an agent with direct access to production could follow its commands and make changes. Review invocation policies and sandboxing, and try the skill in a controlled test environment before using it on production systems. Also note the skill has no homepage or publisher reputation metadata; if provenance matters, consider verifying the source or recreating the checklist internally.
Review Dimensions
- Purpose & Capability: ok. Name/description describe a guardrail/checklist for making safe changes. The SKILL.md contains exactly those procedures (backup, verification, blast-radius checks) and does not request unrelated resources, binaries, or credentials.
- Instruction Scope: ok. The instructions tell the agent to run local verification commands (cp, grep, lsof, curl, docker-compose checks, etc.) and to produce evidence before acting. Those actions are consistent with a 'safety/guidance' skill. It does ask the agent to read local files and run commands, but only in the context of verifying changes, which aligns with the stated purpose.
- Install Mechanism: ok. No install spec or code files are present. This is instruction-only, so nothing will be downloaded or written to disk by an installer.
- Credentials: ok. The skill does not request environment variables, credentials, or config paths. The actions it describes (reading local files, running shell checks) are proportional to its safety/verification purpose.
- Persistence & Privilege: ok. 'always' is false and the skill is user-invocable. It does not request permanent presence, nor does it instruct modification of other skills or global agent config.
