Skill v1.0.0
ClawScan security
한국 세금/절세 가이드 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 22, 2026, 2:18 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and runtime instructions are coherent with a Korean tax guidance assistant: it is instruction-only, requests no credentials or installs, and relies on law-search and web_search connectors as expected.
- Guidance: This skill appears internally consistent and informational. Before installing, verify that the 'law-search' and 'web_search' connectors (or local skills) you permit are trustworthy, since the playbook references running local law-search scripts; confirm those scripts won't execute unexpected shell commands. Remember the skill is explicit that it provides general information only (not professional tax advice) and asks for no credentials. Avoid entering highly sensitive personal data (full identity numbers, account credentials) into any conversational session; for case-specific tax decisions, consult a licensed tax professional or contact 국세청 (☎126).
Review Dimensions
- Purpose & Capability (ok): Name/description (세금/절세 가이드) align with the included files: intent router, playbook, output templates and references. Declared data sources (법제처 API via law-search, 국세청 자료 via web_search) match the skill's purpose. There are no unrelated environment variables, binaries, or installs requested.
- Instruction Scope (ok): SKILL.md and playbook limit runtime actions to: classify user intent, collect parameters, call the law-search skill and web_search for official materials, and produce Flash/Deep-Dive reports using internal templates and embedded reference data. The instructions do not ask to read arbitrary local files, environment variables, or send data to unknown external endpoints. Note: the playbook shows example bash calls to skills/law-search/scripts/law_search.sh; this assumes a local skill implementation is present and runnable. That is expected for cross-skill usage but means the agent may attempt to invoke local skill tooling if available.
- Install Mechanism (ok): No install specification (instruction-only skill). Nothing is downloaded or written to disk by the skill itself.
- Credentials (ok): The skill declares no required env vars, no primary credential, and no config paths. Connector mentions (~~law, ~~search, ~~notify, ~~docs) are consistent with the stated data sources and expected functionality. No unrelated secrets or broad credential requests are present.
- Persistence & Privilege (ok): 'always' is false and the skill is user-invocable; it does not request permanent presence or modifications to other skills or system-wide settings. It does reference other skills but does not attempt to change their configurations.
