Skill v1.0.0

ClawScan security

Coding Assistant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 8, 2026, 4:51 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only beginner coding helper; its declared purpose matches the instructions and it requests no installs, credentials, or system access.
Guidance
This is a low-risk, instruction-only coding helper. Before installing: (1) understand it will ask users to paste code — do not include API keys, passwords, or other secrets in pasted code; (2) generated example code may be simplistic and could contain insecure patterns, so review any produced code before running it; (3) because it can be invoked by the agent, be cautious if you allow broad autonomous actions in workflows that might cause the agent to send code or data elsewhere.

Review Dimensions

Purpose & Capability
ok
Name and description match the SKILL.md instructions: explain concepts, provide simple examples, and help debug when the user shares code. Nothing is requested that is unrelated to a coding-assistant purpose.
Instruction Scope
note
Instructions are limited to explaining concepts, generating simple examples, and asking users to share code for debugging. This is appropriate, but be aware the skill asks users to paste code — users should avoid pasting secrets or private data into the chat.
Install Mechanism
ok
No install spec and no code files — instruction-only skills do not write to disk or fetch external packages, which minimizes installer-related risk.
Credentials
ok
No environment variables, credentials, or config paths requested. This is proportionate to the stated functionality.
Persistence & Privilege
ok
Defaults are used (not always: true). The skill is user-invocable and may be invoked autonomously by the agent (platform default), which is expected for a helper skill and is not by itself problematic.