Back to skill
Skillv1.0.0
ClawScan security
OutputForge · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 7, 2026, 7:17 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- Instruction-only formatting/clarity skill whose requested resources and runtime instructions match its stated purpose and do not ask for credentials, installs, or external access.
- Guidance
- OutputForge is an instruction-only formatting helper and appears internally consistent and low-risk: it asks for nothing and only gives rules for producing concise, structured outputs. Before enabling: (1) decide whether you want the agent to apply aggressive brevity automatically (it may remove nuance or context), and (2) if you combine this skill with other skills that do network access or handle secrets, review that composition — this skill itself does not access or transmit data.
Review Dimensions
- Purpose & Capability
- okName/description promise (produce clear, structured, fast outputs) matches the provided modules and rules. No unexpected binaries, env vars, or config paths are required.
- Instruction Scope
- okSKILL.md and module files only contain formatting and response-guidance (structure, clarity, speed, refinement). They do not instruct reading system files, calling external endpoints, or accessing credentials. One behavioral note: 'prioritize direct answers' and 'do not delay output' encourage brevity which may sacrifice nuance, but this is a functional choice, not a security concern.
- Install Mechanism
- okNo install spec and no code files — nothing is written to disk or fetched at install time. This is the lowest-risk install posture.
- Credentials
- okSkill declares no required environment variables, no credentials, and no config paths. The instructions do not reference any external secrets or unrelated services.
- Persistence & Privilege
- okalways is false and there is no indication the skill modifies agent/global settings or other skills. It is user-invocable and can be invoked autonomously (platform default), which is expected for a reusable instruction module.