Skill v1.0.0

ClawScan security

Meta-Skill Orchestration Surface · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 12, 2026, 2:43 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This instruction-only meta-skill is internally consistent with its stated purpose as an orchestration/activation layer and does not request unrelated credentials or install components.
Guidance
This skill appears to be what it says: a router/orchestrator that reads its included activation map and proposes/executes skill chains. Before installing or enabling it, consider: (1) confirm that the agent will always present proposed chains and request explicit user approval before executing steps that access external services; (2) review downstream skills (skill-creator, mcp-builder, connectors) for any credential or network requirements they will request if invoked; (3) be cautious about allowing automatic publication or deployment steps (Cloudflare, Vercel, marketplace bridges) — those require platform credentials and may publish content or code; and (4) periodically audit the activation-map contents so any referenced external endpoints or packaged tools are still trustworthy. If you want stronger guarantees, require that the activator never autonomously invokes build/deploy skills without an extra confirmation step.

Review Dimensions

Purpose & Capability
ok: The name/description (a meta 'activator' that inventories and composes other skills) matches the included references and instructions. It does not request unrelated binaries or credentials; the listed connectors and marketplaces are referenced as potential targets for composed pipelines, which is appropriate for an orchestrator.
Instruction Scope
note: The SKILL.md limits itself to reading its included reference files, proposing chains, asking for user confirmation, and then executing approved chains. That scope is appropriate. Note: the skill can propose building new skills or invoking other skills (skill-creator, create-cowork-plugin, mcp-builder). Those downstream actions may in turn require credentials or external side effects—the activator itself does not declare them and the doc says it will present proposals for confirmation, which mitigates autonomous escalation.
Install Mechanism
ok: Instruction-only skill with no install spec or code files to execute. No downloads or archive extraction are present.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. Although the activation map references connectors that in practice require auth (Google, Cloudflare, X/OAuth, npm/PyPI tokens), this activator correctly does not demand them itself — authentication should be handled by the individual connector skills when invoked.
Persistence & Privilege
ok: always:false and standard model invocation settings. The skill updates/reads only its own reference files; it does not claim to modify other skills' configurations or require permanent system presence.