Skill v0.1.0

ClawScan security

pca-decomposition · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 15, 2026, 7:45 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only PCA/varimax guide that is internally consistent with its stated purpose; it makes no unusual environment or install demands, though it assumes common Python libraries without declaring them.
Guidance
This skill is an instruction-only guide for performing PCA with varimax rotation and appears coherent and low-risk. Before using it: (1) ensure you have the required Python libraries (pandas, scikit-learn, factor_analyzer) installed from trusted sources; (2) run the example code on non-sensitive or test data first to confirm behavior; and (3) note that the SKILL.md provides guidance only — it won't install dependencies for you. If you need automated execution, verify what runtime will execute the code and whether it has access to your files or network.

Review Dimensions

Purpose & Capability
ok: Name and description match the instructions: the SKILL.md describes PCA with varimax rotation and gives examples for factor analysis and attribution. There are no requested credentials, binaries, or unrelated requirements.
Instruction Scope
note: Instructions stay within expected bounds (data standardization, PCA, interpreting loadings). Example code reads a CSV and references dataframe variables — normal for an analysis guide. The doc does not instruct reading system files, environment variables, or transmitting data externally. Note: it presumes you will run the provided Python snippets in your environment.
Install Mechanism
note: No install spec (lowest risk). However, the guide uses Python libraries (scikit-learn, factor_analyzer, pandas) but does not declare or provide installation instructions for those dependencies; this is an interoperability/documentation omission rather than a security problem.
Credentials
ok: No environment variables, credentials, or config paths are requested. The skill does not ask for any secrets or unrelated permissions.
Persistence & Privilege
ok: always:false and no install or code files — the skill does not request persistent presence or elevated privileges.