Skill v1.0.0

ClawScan security

Contact Centre Grok Pack · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 30, 2026, 8:05 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This skill is a local, keyword-based transcript triage script that matches its description and does not request credentials, network endpoints, or installs from untrusted sources.
Guidance
This skill appears coherent and low-risk: it runs a local Python script that uses keyword rules to produce summaries, sentiment, urgency, routing and actions. Before installing or using in production: (1) review and remove any sensitive PII from transcripts or ensure you have legal basis to process them, (2) test against representative real cases — the script is simple keyword matching and can miss nuance or mislabel urgency, (3) run the script in a sandbox or limited environment to confirm behavior (it only reads the input file and optionally writes a JSON file), and (4) if you plan to wire outputs into live routing/CRM systems, add a manual review step to avoid automated misrouting or escalation. If you need more robust classification, consider integrating a vetted ML model or adding more domain-specific rules and unit tests.

Review Dimensions

Purpose & Capability
ok
The name/description (triage, summaries, sentiment, routing) matches the included Python script and SKILL.md. The script implements simple keyword-based sentiment, urgency, routing, and actions consistent with the stated purpose.
Instruction Scope
ok
SKILL.md instructs running the bundled script on a transcript file and reviewing JSON results before routing. The instructions do not ask the agent to read unrelated files, access environment secrets, or transmit results to external endpoints; the script only reads the provided input and optionally writes a local JSON output.
Install Mechanism
ok
There is no install spec (instruction-only skill) and a single bundled Python script. No remote downloads, package installs, or archive extraction are present. Execution is local and low-risk from an install perspective.
Credentials
ok
The skill declares no required environment variables, credentials, or config paths and the code does not access any environment secrets. No disproportionate credential requests are present.
Persistence & Privilege
ok
The skill is not always-enabled and does not request elevated or persistent system privileges. Autonomous invocation is allowed by default on the platform, but the skill itself does not attempt to modify other skills or system-wide settings.