Back to skill
Skillv0.1.0
ClawScan security
erlang-distribution · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 15, 2026, 7:16 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only Erlang distribution guide whose requirements and instructions match its stated purpose and do not request extra credentials, installs, or unrelated access.
- Guidance
- This skill is a documentation/instruction bundle for Erlang distribution and appears internally consistent. However, the code snippets, if executed, will change BEAM node state (connect/disconnect nodes, set/get cookies, spawn remote processes) and can affect clusters and networking. Only run these snippets in a controlled/test environment, verify cookie values and node names before executing, and review any copied code for side effects (node shutdowns, network connections) before using in production.
Review Dimensions
- Purpose & Capability
- okName/description (Erlang distribution, node connectivity, clustering, supervision, etc.) align with the SKILL.md content: code samples and prose all target BEAM distribution concerns. There are no unrelated credentials, binaries, or install steps requested.
- Instruction Scope
- okThe SKILL.md contains Erlang code snippets and guidance limited to node connectivity, message passing, global registration, and distributed supervision. It does not instruct the agent to read unrelated files, access external endpoints, or exfiltrate data. Note: code references node cookies and node/network operations — appropriate for the stated domain but executing the snippets will alter node state and network connectivity.
- Install Mechanism
- okNo install specification and no code files beyond SKILL.md. This is low-risk: nothing is written to disk by the skill itself and no external packages or download URLs are requested.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. The SKILL.md references Erlang runtime state (cookies, nodes) which is proportional to an Erlang distribution guide and does not indicate excessive access requests.
- Persistence & Privilege
- okThe skill is not always-enabled and uses default model invocation settings. It does not request persistent installation, nor does it modify other skills or system-wide agent settings.