Back to skill
Skillv1.0.0
ClawScan security
Update MD · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 3, 2026, 5:25 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only documentation helper that is internally consistent with its stated purpose and does not request credentials, install code, or call external endpoints.
- Guidance
- This skill is an instruction-only doc template and appears coherent with its purpose. Before installing, consider: (1) do not place real secrets (private SSH keys, passwords, API keys) into documentation files — treat templates' SSH/IP placeholders as sensitive metadata you should redact or store separately; (2) if you allow agents to write or commit files automatically, limit their repository permissions so they cannot leak credentials or push unwanted changes; (3) review any AGENTS.md or automation that would cause agents to auto-update docs after deploys to avoid accidental publication of sensitive runtime data. If you want extra assurance, open the repo where you plan to use these templates and confirm no automation will insert secrets into Markdown files.
Review Dimensions
- Purpose & Capability
- okName and description match the contents: the skill provides templates and rules for creating/updating Markdown project docs. It does not request unrelated credentials, binaries, or config paths.
- Instruction Scope
- noteSKILL.md and the templates stay within the doc-creation/update scope (file structure, update rules, templates). The templates include placeholders for server IP, SSH user/key and deployment commands (normal for deployment docs). Be aware the guidance 'Deploy = Update docs' and the suggestion to add doc maps to AGENTS.md could encourage an agent to edit repository files frequently; the instructions themselves do not contain any commands that exfiltrate data or contact external services.
- Install Mechanism
- okNo install spec, no code files, and no downloaded artifacts — lowest-risk (instruction-only) footprint.
- Credentials
- okThe skill declares no environment variables, credentials, or privileged config paths. Templates reference fields like IP/SSH in a documentation context only; no credential consumption or storage by the skill itself is requested.
- Persistence & Privilege
- okalways:false (default) and normal autonomous invocation settings. The skill does not request permanent platform presence or attempt to modify other skills or system-wide agent settings.