Skill v1.0.0
ClawScan security
food-expiry-reminder · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 5, 2026, 2:10 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent: it implements a local, file-backed food expiry reminder using Python scripts that read/write a local JSON file and do not request external credentials, network access, or unusual installs.
- Guidance: This skill appears to do exactly what it says: local Python scripts that read and write data/food_data.json. Before installing or running: (1) review the scripts (they are small and use only the standard library); (2) be aware data is stored in plain JSON in the skill directory—don't put secrets or sensitive info in the notes field; (3) consider backups or version control for the JSON file if you care about data loss; (4) if you plan to schedule cron jobs, ensure the job runs in the expected directory and under the intended user account; (5) the scripts do not implement file-locking for concurrent writes—avoid running multiple writers simultaneously to prevent corruption. No network access or credentials are requested by this skill.
Review Dimensions
- Purpose & Capability (ok): Name/description match the delivered functionality. The scripts implement adding, listing, checking, and reminding about food expiry and store data in data/food_data.json as documented.
- Instruction Scope (ok): SKILL.md instructions align with the scripts. Runtime instructions only reference local files and running the provided Python scripts; they do not instruct reading unrelated system files, contacting external endpoints, or collecting extra environment data.
- Install Mechanism (ok): No install spec; this is an instruction-only skill with bundled Python scripts that rely on the standard library. No downloads, package installs, or extracted archives are requested.
- Credentials (ok): The skill requires no environment variables, credentials, or config paths. All data access is confined to the skill directory (data/food_data.json). There are no requests for secrets or unrelated service tokens.
- Persistence & Privilege (ok): always:false and default autonomous invocation are used (normal). The skill writes only to its own data file and does not modify other skills or global agent settings.
