Skill v1.0.1
ClawScan security
Bug Investigation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 20, 2026, 6:55 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only frontend bug investigation guide and its requested footprint (no installs, no env vars, no code) matches its stated purpose.
- Guidance: This skill is a harmless, text-only checklist for frontend debugging. Before using it, be careful not to share production secrets, real user credentials, or proprietary source code when supplying recordings, logs, or a minimal repro. If creating public reproductions (CodeSandbox, etc.), sanitize or redact sensitive data. Otherwise the skill is coherent and low-risk.
Review Dimensions
- Purpose & Capability (ok): Name/description describe frontend bug investigation and the skill only contains procedural debugging instructions; it does not request unrelated credentials, binaries, or system access.
- Instruction Scope (note): Instructions are limited to asking for repro steps, console/network logs, screenshots/recordings, and using DevTools/CodeSandbox; this is appropriate for debugging, but the skill may prompt users to share test accounts, logs, or code—users should avoid sending secrets or proprietary source without review.
- Install Mechanism (ok): No install spec or code is present (instruction-only), so nothing is written to disk or fetched during install.
- Credentials (ok): No environment variables, credentials, or config paths are requested. The only potential exposure is user-provided repro data (screenshots, logs, test accounts), which is a normal requirement for debugging but should be handled cautiously.
- Persistence & Privilege (ok): Skill does not request persistent/always-on presence and uses default invocation settings; it does not modify other skills or system configuration.
