Skill v0.1.0

ClawScan security

ac-branch-pi-model · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 15, 2026, 4:03 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill implements the stated AC branch pi-model and is internally consistent; it doesn't request credentials or install remote code, but there are minor workmanship issues to be aware of (undeclared Python dependency and an example that reads /root/network.json).
Guidance
This skill appears to do exactly what it claims (compute AC branch flows). Before running: ensure you execute it in a Python environment with numpy installed, review and replace the example's /root/network.json path with a safe/test dataset (to avoid the agent reading host files), and run it in a sandbox if you don't trust the source. The only real coherence issues are: (1) numpy is required but not declared, and (2) the example references an absolute host path — neither is evidence of malice, but both are worth correcting.

Review Dimensions

Purpose & Capability
ok
The SKILL.md, name, description, and the included Python implementation all align: the code computes per-unit branch flows for MATPOWER-style branch rows and matches the documented equations. There are no unrelated requirements (no cloud creds, no unusual binaries).
Instruction Scope
note
The runtime instructions and example focus only on local numeric computation and using the provided script. The example shows opening /root/network.json (an absolute host path) which could cause an agent to read a sensitive host file if followed verbatim — the SKILL.md doesn't otherwise instruct broad file access or external network calls. The code expects numpy arrays shaped like MATPOWER data.
Install Mechanism
note
There is no install spec (instruction-only), which minimizes risk. However, the included Python file imports numpy (and uses Python) but the skill metadata does not declare this dependency or an install step to ensure numpy is available — a minor coherence gap.
Credentials
ok
No environment variables, credentials, or config paths are requested. The skill does not attempt to access external services or secrets.
Persistence & Privilege
ok
"always" is false and the skill does not request or modify persistent agent/system settings. It does not write installers or change other skills' configs.