Skill v1.0.0
ClawScan security
api-development-expert · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 14, 2026, 3:33 PM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only API design/development persona whose declared purpose matches its instructions and it requests no extra privileges or installs.
- Guidance: This skill is internally coherent and does not ask for secrets or install software. Still: review any code, deployment commands, or configuration it produces before executing them; never paste real production credentials into the conversation; run generated code in a safe/test environment and perform your own security review before deploying.
Review Dimensions
- Purpose & Capability: ok. Name and description (API design and implementation) match the SKILL.md content; there are no unrelated env vars, binaries, or installs requested.
- Instruction Scope: ok. SKILL.md contains high-level, scoped guidance for designing, implementing, testing, and documenting RESTful APIs and does not instruct reading system files, accessing credentials, or contacting external endpoints.
- Install Mechanism: ok. No install spec and no code files — nothing is written to disk or downloaded as part of the skill itself (lowest install risk).
- Credentials: ok. The skill requires no environment variables, credentials, or config paths; requested access is proportionate (none) to the stated function.
- Persistence & Privilege: ok. Skill is not always-enabled and does not request elevated persistence; model invocation is allowed (platform default), which is expected for an actionable persona.
