Back to skill
Skillv1.0.0
ClawScan security
Forms And Validation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 20, 2026, 6:56 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only helper for designing form structure and validation; its requirements and instructions are coherent with that purpose and it doesn't request extra credentials, installs, or system access.
- Guidance
- This skill appears safe and coherent: it provides form-design advice and code templates without asking for credentials or installing software. Before using generated code in production, review and test it (especially validation and accessibility behavior). Be aware the SKILL.md may ask you to paste your existing form code for diagnosis — only provide code you are comfortable sharing. Note a minor metadata inconsistency: top-level listing showed no homepage/source, but clawhub.json includes a GitHub link; if provenance matters, you may want to verify the repository referenced in clawhub.json before trusting external links or copying example code.
Review Dimensions
- Purpose & Capability
- okName, description, and the SKILL.md all focus on form structure, validation rules, error handling, and accessibility. There are no unrelated requirements (no env vars, binaries, or config paths) that contradict the stated purpose.
- Instruction Scope
- okSKILL.md contains guidelines, checklists, question prompts for scoping, and code-output templates. It does not instruct the agent to read system files, access credentials, or transmit data to external endpoints. The only potential user-data interaction is the expected step of examining user-provided code samples, which is appropriate for this kind of helper.
- Install Mechanism
- okThis is an instruction-only skill with no install spec and no bundled code — nothing is written to disk and no external packages are fetched during install.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. Its guidance references common libraries (RHF, Zod, Formik, Yup) only as recommendations; it does not require access to external services or secrets.
- Persistence & Privilege
- okFlags show default behavior (always: false, user-invocable: true, disable-model-invocation: false). The skill does not request elevated persistence or to modify other skills/config; autonomous invocation is allowed by platform default and is not a special privilege here.