Skillv0.1.0

ClawScan security

reflow_machine_maintenance_guidance · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 5, 2026, 5:27 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions and examples match its stated purpose (analyzing reflow thermocouple/MES data and handbook rules) and it requests no credentials or installs, but it omits some practical dependency/config declarations you should verify before use.
Guidance: This skill appears to do what it says (compute reflow metrics from thermocouple/MES data and handbook rules) and does not request credentials. Before installing, confirm: 1) where the handbook should come from (upload, URL, or built-in) and whether you are comfortable providing that content; 2) that the agent runtime has Python and pandas available or else provide those dependencies; 3) the location and permissions for DATA_DIR (the examples read mes_log.csv and thermocouples.csv) so the skill only accesses intended files; and 4) that the MES/thermocouple data contain no sensitive IP you don't want processed. If any of these are unclear, ask the skill author to declare required config paths and runtime dependencies explicitly.

Purpose & Capability: okName/description describe reflow maintenance and thermocouple/MES/handbook analysis; the SKILL.md contains calculations, metrics, and example code that directly implement that purpose. No unrelated credentials, binaries, or network endpoints are requested.
Instruction Scope: noteInstructions tell the agent to read MES and thermocouple CSVs and to obtain a config from the handbook, and include concrete sample code. They reference a DATA_DIR and local CSV filenames, and assume access to the handbook, but the skill metadata does not declare required config paths or where the handbook lives. The instructions do not tell the agent to transmit data externally.
Install Mechanism: okThis is an instruction-only skill with no install spec and no code files to write to disk, which is the lowest-risk install profile.
Credentials: noteThe skill requests no environment variables or credentials (proportionate), but the examples implicitly require Python and pandas and a DATA_DIR pointing to mes_log.csv/thermocouples.csv and access to the handbook. Those runtime requirements are not declared in the metadata and should be confirmed before use.
Persistence & Privilege: okalways is false and the skill does not request persistent or elevated agent privileges. It does not modify other skills or system-wide settings.