Back to skill
Skillv1.0.0
ClawScan security
Agent Errantry Alignment · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 12, 2026, 4:11 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is a concept/architecture guidance skill mapping a fictional 'Young Wizards' metaphor to agent design; it contains no code, no installs, and requests no credentials, and its requirements align with its stated purpose.
- Guidance
- This skill is a purely conceptual framework (no code, no installs, no secrets). It appears internally consistent and safe to read/use as guidance. Things to consider before installing/using: (1) provenance — the Source/Homepage are unknown, so verify licensing if you plan to redistribute or build commercial products that reference Diane Duane's Young Wizards IP; (2) this is guidance only — it doesn't enforce behavior, so ensure your runtime agent or platform enforces any safety, access, or credential policies you require; (3) if you wire these patterns into an automated agent that has system or network privileges, audit that agent's actual runtime permissions (files, APIs, credentials) because the skill itself does not request them but an agent could still be granted those rights elsewhere; (4) validate any external references the framework cites before treating them as authoritative for security-critical decisions.
Review Dimensions
- Purpose & Capability
- okName/description (an alignment/framework metaphor) matches the actual contents: conceptual mappings, patterns, checklists, and heuristics. There are no unrelated environment variables, binaries, or install steps requested.
- Instruction Scope
- okSKILL.md is instruction-only and stays within conceptual and procedural guidance for designing, debugging, and validating agents (goal decomposition, RAG, tests, budgets, etc.). It does not instruct the agent to read system files, access credentials, or call external endpoints.
- Install Mechanism
- okNo install spec and no code files — the skill is instruction-only. That minimizes filesystem and execution risk.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. Nothing disproportionate to its purpose is asked for.
- Persistence & Privilege
- okalways is false and the skill is user-invocable (normal). The skill does not request persistent presence or modify other skills or system settings.