Back to skill
Skillv0.1.0
ClawScan security
Websocket Engineer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMay 1, 2026, 4:55 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5.5
- Summary
- This is an instruction-only WebSocket development guide with no code execution, install steps, credentials, or hidden data access shown in the artifacts.
- Guidance
- This skill appears safe to install as an instruction-only development aid. As with any generated networking code, review the final application code for production-safe authentication, authorization, CORS, logging, rate limiting, and secret handling before deployment.
Review Dimensions
- Purpose & Capability
- okThe artifacts consistently describe WebSocket and Socket.IO architecture, scaling, patterns, protocol behavior, alternatives, and security guidance.
- Instruction Scope
- okRuntime instructions are limited to generating implementation guidance and code templates for real-time communication systems.
- Install Mechanism
- okNo install spec, required binaries, package downloads, helper scripts, or executable code files are present.
- Credentials
- okThe skill does not request environment variables, credentials, config paths, local file access, or network authority for itself.
- Persistence & Privilege
- okNo artifact shows background execution, persistence, autonomous workers, privilege escalation, or modification of installed skills or agent behavior.