Back to skill
Skillv1.0.0
ClawScan security
MSBuild Top 80 Commands · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 13, 2026, 7:56 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only skill that provides MSBuild/dotnet CLI command templates; its requirements and instructions are consistent with that purpose and it requests no unusual permissions or installs.
- Guidance
- This skill is instruction-only and appears coherent for its stated purpose. Before running any of the example commands on your machine: ensure you have dotnet/msbuild installed, inspect the exact command and target paths, and avoid running build/test/publish commands against untrusted repositories because MSBuild targets or test hooks in project files can execute arbitrary code during a build. If you want to prevent accidental execution, copy the commands for offline review rather than allowing an agent to run them autonomously.
Review Dimensions
- Purpose & Capability
- okThe manifest and SKILL.md both describe MSBuild / dotnet CLI command templates. There are no unexpected environment variables, binaries, or external services required that don't match the described purpose.
- Instruction Scope
- okSKILL.md contains only command examples and guidance for building, testing, publishing, and diagnosing .NET projects. It does not instruct reading unrelated files, exfiltrating data, or calling external endpoints. Note: executing the provided build/test commands against untrusted projects can run MSBuild targets defined in those projects, which may execute arbitrary tasks on the host—this is an operational caution, not an incoherence.
- Install Mechanism
- okNo install spec or code files are included (instruction-only). Nothing is downloaded or written to disk by the skill itself.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. This is proportionate for a collection of CLI command templates.
- Persistence & Privilege
- okalways is false and the skill does not request persistent/system-wide changes. Autonomous invocation is allowed by default on the platform but this skill's instructions are benign templates; still, any agent-run command would run in the user's environment.