Skill v1.0.0

ClawScan security

Deep modules for agent-native codebases · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 26, 2026, 11:13 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's requests, instructions, and included helper script are coherent with its stated purpose (designing/refactoring repos into deep modules) and do not ask for unrelated credentials, external downloads, or unusual system privileges.
Guidance
This skill is coherent for repo architecture and refactor planning. Before using it: run it against a fork or branch, review any scaffolded files or suggested moves before committing, restrict the agent's write/push permissions if you don't want automatic pushes, and ensure CI secrets or other sensitive files are not exposed to the agent. If you plan to let the agent run tests or apply changes autonomously, require a human review step for commits/PRs.

Review Dimensions

Purpose & Capability
ok: Name/description match the behavior: the skill explains architecture/refactor workflows, includes templates and prompt snippets, and ships an optional local scaffolding script. It does not request unrelated binaries, credentials, or external services.
Instruction Scope
note: The SKILL.md explicitly instructs the agent to inspect repository files (package.json, pyproject.toml, src/, tests, CI configs) and to run the repo's verification commands (tests/typecheck/lint). That is necessary for refactor planning, but it means the agent will read large parts of the repository — review generated output and allow reads only on intended repos.
Install Mechanism
ok: No install spec is provided; this is instruction-first. The included scaffold script is small, dependency-free, and writes files locally without downloading code from the network.
Credentials
ok: The skill requests no environment variables, credentials, or config paths. The resources it accesses (repo files and local test commands) are proportionate to its goal.
Persistence & Privilege
ok: "always" is false, and the skill does not attempt to modify other skills or system-wide agent settings. The scaffold script creates new files in the repo (non-destructive: it skips existing files), which is expected behavior for a scaffolding helper.