Skill v1.0.0

ClawScan security

Bayesian Thinking · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 12, 2026, 12:05 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
This is an instruction-only skill that coherently implements a Bayesian-reasoning checklist and does not request credentials, install software, or instruct the agent to access files or external systems.
Guidance
This skill is instruction-only and internally consistent with its stated purpose. It does not request credentials or perform I/O, so it poses little direct security risk. Consider: (1) provenance — the owner and homepage are unknown, so if you require vetted authorship prefer skills with a known source; (2) autonomy — the agent may call this skill autonomously by default; if you don't want that, disable autonomous invocation; (3) domain risk — Bayesian outputs are probabilistic and depend on priors and likelihood estimates; do not treat the skill's numeric outputs as authoritative for high‑stakes decisions without human review and domain expertise.

Review Dimensions

Purpose & Capability
ok: The name/description (Bayesian thinking) matches the SKILL.md: step-by-step guidance for defining hypotheses, priors, likelihoods, and updating to posteriors. Nothing requested (no env vars, binaries, or config paths) is unrelated to that purpose.
Instruction Scope
ok: Runtime instructions are a procedural checklist for reasoning about user-provided problems. They do not tell the agent to read system files, env vars, network endpoints, or transmit data elsewhere. The scope stays within analyzing the user's topic and showing calculations/explanations.
Install Mechanism
ok: No install spec and no code files; the skill is instruction-only, so nothing is written to disk or fetched during install.
Credentials
ok: The skill requires no credentials, environment variables, or config paths. There is no disproportionate request for secrets or unrelated access.
Persistence & Privilege
ok: "always" is false and the skill does not request persistent/system-wide changes. "disable-model-invocation" is false (default autonomous invocation allowed); this is normal behavior and not concerning here since the skill has no external side effects or elevated access.