Skill v1.0.3
ClawScan security
Opencode Select Confirm · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 6, 2026, 11:51 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This is an instruction-only UI helper that prompts the user with choice/confirmation dialogs; its requirements and instructions are consistent with that purpose and it does not request credentials, installs, or access to system files.
- Guidance: This skill is low-risk and only describes UI behavior. Before installing, confirm that your agent runtime provides the referenced 'question' tool (the skill assumes a dialog API) so it won't attempt unexpected fallbacks. Also: ensure the options you present to users do not contain sensitive data (the skill will display whatever candidates it generates), and test triggers (phrases like “推荐”, “确认”, and “confirm”) so the dialog doesn't fire inadvertently. If you later see code or install steps added to this skill that request network access, credentials, or file reads, re-evaluate because that would change the risk profile.
Review Dimensions
- Purpose & Capability: ok. The name and description state the skill shows selection and confirmation dialogs; the SKILL.md only instructs the agent to present choice boxes and follow simple dialog flows. There are no requested env vars, binaries, or config paths that would be unnecessary for a UI/dialog skill.
- Instruction Scope: ok. Runtime instructions are narrowly scoped to presenting 3–5 candidate options, showing a follow-up action menu, and showing a confirmation dialog when asked. The SKILL.md references a 'question' tool for the selection UI but does not instruct reading files, accessing environment variables, contacting external endpoints, or exfiltrating data.
- Install Mechanism: ok. No install spec and no code files are present (instruction-only). Nothing is downloaded or written to disk by the skill itself.
- Credentials: ok. The skill declares no environment variables, credentials, or config paths. Its declared needs are proportionate to its UI-focused purpose.
- Persistence & Privilege: ok. 'always' is false and the skill is user-invocable; it does not request persistent system presence or modify other skills' configs. Autonomous invocation is allowed (the platform default) and not, by itself, a security issue here.
