Skillv1.1.0

ClawScan security

opsec.md · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignFeb 21, 2026, 12:57 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only PSA about operational security; it contains no code, install steps, or credentials and its contents are consistent with its stated purpose.
Guidance: This is a short, coherent opsec reminder and appears safe to install because it contains no executable code or credential requests. Keep in mind: it's an opinion/PSA, not a formal security policy — verify any external links or contact details before sharing sensitive information or sending money, and continue to validate skills and code with trusted reviewers rather than treating this as authoritative guidance.

Purpose & Capability: okName/description match the files: a brief opsec reminder. No binaries, env vars, or unrelated permissions are requested that would contradict the stated purpose.
Instruction Scope: okSKILL.md and supporting files are a human/agent-facing guide advising not to run unknown code; they do not instruct the agent to read arbitrary files, call external services, or exfiltrate data.
Install Mechanism: okNo install spec or code files are provided; this is instruction-only so nothing is written to disk or downloaded by the skill itself.
Credentials: okThe skill requests no environment variables, credentials, or config paths; contact info and homepage URLs are present but not required for operation.
Persistence & Privilege: okNo elevated persistence requested (always:false). The skill is user-invocable and can be autonomously invoked by the agent by default, which is the platform norm and acceptable here given the content.