Skill v1.2.0
ClawScan security
skill rules designer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 10, 2026, 4:23 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only tool for restructuring Claude Code skills that only reads and writes files in a user-provided skill directory and does not request unrelated credentials, installs, or network access.
- Guidance: This skill is internally consistent and appears benign, but be mindful before you run it: 1) Only provide the skill directory you intend the assistant to operate on (do not point it at your home directory or system roots). 2) Confirm the restructuring plan the assistant prints before saying “go” — the SKILL.md claims it will wait for confirmation, which you should enforce. 3) Back up the original SKILL.md (or use version control) before allowing writes so you can recover if edits are unexpected. 4) Note there are no network calls, installs, or credential requests declared; if the assistant later asks for external keys, a URL download, or to operate outside the supplied directory, treat that as suspicious and stop.
Review Dimensions
- Purpose & Capability: ok. The name/description (restructure SKILL.md into rules files, encapsulate optional content, add templates, harden wording) matches the instructions and included reference/docs. It requires no binaries, env vars, or installs — appropriate for an instruction-only refactoring helper.
- Instruction Scope: ok. Runtime instructions explicitly ask to read the provided skill directory (SKILL.md, rules/*.md, scripts/, assets/) and to present a plan before writing new rules files and updating SKILL.md. Those file reads/writes are coherent with the stated purpose. The SKILL.md also documents waiting for explicit user confirmation before making changes, which limits scope creep — users should still ensure the provided directory is the intended skill directory.
- Install Mechanism: ok. No install spec or code files are present; the skill is instruction-only so nothing will be downloaded or written during installation. This is the lowest-risk install posture and matches the skill's operations.
- Credentials: ok. The skill requests no environment variables, credentials, or config paths. The instructions do not reference secrets or unrelated system configuration. This is proportionate for a file-restructuring assistant.
- Persistence & Privilege: ok. always:false and standard model invocation are used. The skill expects to read and write files inside the user-supplied skill directory (normal for this use). It does not request persistent system-wide privileges or modify other skills' configurations.
