Back to skill
Skillv1.0.0
ClawScan security
Jarvis Ci Flake Hunter 01 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 18, 2026, 6:33 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- Instruction-only, high-level playbook that doesn't request any credentials or install anything; coherent but more general than its CI-specific name suggests.
- Guidance
- This skill is safe from a permissions perspective — it only contains a generic playbook and asks for inputs you would provide. Be aware it will not itself run CI jobs or perform deterministic isolation; if you need automated flake detection or CI integration, look for a skill that explicitly lists CI commands, required CI tokens, or test-runner integrations. Avoid supplying secrets or CI tokens to the agent unless you trust it and have audited the skill; if you plan to let the agent act on repositories or CI systems, test in a sandboxed environment first and verify any generated commands before running them.
Review Dimensions
- Purpose & Capability
- noteThe skill's name and description claim 'Track and reduce flaky tests with deterministic isolation', but the SKILL.md is a generic development playbook (define success, checkpoints, quality gates, outputs) and contains no CI/test-specific commands, test isolation steps, or references to CI systems. This is likely fine for a human-guided planning assistant but may not meet expectations if you expected automated flake-detection or CI integration.
- Instruction Scope
- okThe runtime instructions are high-level guidance only; they do not tell the agent to read arbitrary system files, access environment variables, contact external endpoints, or execute commands. The agent may process any artifacts you explicitly provide (code, logs, screenshots), but the skill itself does not instruct unexpected data collection or transmission.
- Install Mechanism
- okNo install spec and no code files — lowest-risk model. Nothing is downloaded or written to disk by the skill manifest.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. It does not request any secret or system access relative to its stated purpose.
- Persistence & Privilege
- okalways is false and there are no indications the skill modifies agent/system configuration or requests persistent presence. Autonomous invocation is enabled by default but not problematic here given the skill's benign footprint.