Back to skill
Skillv0.1.0
ClawScan security
Deepseek Reasoner Lite Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 15, 2026, 8:35 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only persona for content creation with no installs, credentials, or file access; it is internally consistent but very minimal and open-ended.
- Guidance
- This skill is a minimal persona prompt for a content-creation agent and requires no installs or credentials, so it is low-risk from a supply-chain or secret-exfiltration perspective. However, it is very vague and gives the model wide discretion—if you need strict, auditable behavior, review or expand the SKILL.md to add explicit constraints and test it in a sandbox. Also ensure any runtime substitutions for template variables come from trusted sources (don’t substitute with secret values unless you intend to).
Review Dimensions
- Purpose & Capability
- okName and description claim a content-creator persona and the SKILL.md simply sets that persona. There are no extra env vars, binaries, or installs that conflict with the stated purpose.
- Instruction Scope
- noteThe instructions are extremely short and open-ended (just sets the agent identity and mentions template variables). This stays within the skill's stated purpose but grants broad discretion to the model; there are no directions to read files, access credentials, or call external endpoints, but the vagueness means behavior depends entirely on the host agent's controls.
- Install Mechanism
- okNo install spec or code files are present (instruction-only), so nothing will be written to disk or fetched at install time.
- Credentials
- okNo environment variables, credentials, or config paths are requested. Template placeholders ($DATE$, $SESSION_GROUP_ID$) may need runtime substitution but do not imply secret access.
- Persistence & Privilege
- okalways is false and the skill does not request persistent presence or modify other skills or system settings. It can be invoked by the agent (normal platform behavior).