Skill v0.1.0

ClawScan security

Multi-Dim Eval Framework Designer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 1:02 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This is an instruction-only skill that produces a human-in-the-loop multi‑dimensional evaluation methodology; its required resources and runtime instructions match the stated purpose and do not request unrelated credentials or installs.
Guidance
This skill is an instruction-only methodology: benign and coherent with its stated purpose. Practical notes before installing/using: (1) provenance: the registry entry has no homepage and the README's git URL is a placeholder, so verify the author/source if you need an audited copy. (2) This skill does not automate scoring — it produces rubrics and templates; scoring and spot-checks are human-in-the-loop. Expect to provide calibration cases and possibly internal logs (jsonl/markdown); avoid uploading or sharing sensitive production data unless you trust the environment. (3) Pay attention to the canonical/proxy warnings in the docs: proxies require sampling and spot-checks and may produce noisy scores. (4) Because the skill is instruction-only, there is low technical attack surface, but verify the included templates/references meet your governance and citation requirements before using results in decision-making.

Review Dimensions

Purpose & Capability
ok: The name/description (designing multi-dimensional evaluation frameworks) matches the delivered artifacts (SKILL.md, templates, references, examples). There are no unexpected environment variables, binaries, or external services required.
Instruction Scope
ok: SKILL.md contains only procedural guidance (questions to ask, worksheets to fill, rubric rules) and points to local templates and reference docs in the skill. It does not instruct the agent to read arbitrary system files, exfiltrate data, or call external endpoints. It does require the user to supply calibration cases and potentially internal logs for scoring, which is appropriate for the skill's purpose.
Install Mechanism
ok: No install spec or code is provided — the skill is instruction-only. This minimizes code-on-disk risk; nothing is downloaded or executed by the skill itself.
Credentials
ok: The skill requests no environment variables, credentials, or config paths. The canonical/proxy guidance presumes access to user-supplied evaluation artifacts (jsonl, markdown logs) which is proportionate given the purpose.
Persistence & Privilege
ok: Flags show normal defaults (always:false, user-invocable:true). The skill does not ask for permanent presence or elevated privileges and contains no install hooks that would alter other skills or system-wide settings.