Back to skill
Skillv1.0.1
ClawScan security
Refactor Safely · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 20, 2026, 6:58 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only, domain‑specific refactoring helper; its requirements and instructions align with its stated purpose and it does not request credentials, install code, or perform unexpected actions.
- Guidance
- This skill is a harmless, instruction-only refactoring advisor. Before using it, remember: you must provide the code/context you want refactored (the skill won't access your repos or files by itself). Don't paste secrets or credentials into prompts. If you plan to let an agent with repository access act autonomously, ensure the agent's repository permissions and branch protections are set appropriately (this skill itself doesn't request credentials or perform installs).
Review Dimensions
- Purpose & Capability
- okName/description match the content: SKILL.md describes stepwise, test-first refactoring guidance. There are no unrelated environment variables, binaries, or installs requested.
- Instruction Scope
- okInstructions are limited to planning and executing refactor steps, tests, and rollback strategy. They do not direct the agent to read unrelated system files, exfiltrate data, or call external endpoints.
- Install Mechanism
- okNo install spec or code files are present; this is instruction-only so nothing is downloaded or written to disk by the skill itself.
- Credentials
- okNo environment variables, credentials, or config paths are required. The requested scope is proportional to a planning/advisory refactor skill.
- Persistence & Privilege
- okalways is false and the skill is user-invocable; it does not request permanent presence or modify other skills or system settings.