Skill v8.0.0

ClawScan security

Agent Ops Framework · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 23, 2026, 12:45 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
This skill is an instruction/reference pack about agent operations and its files and requirements are consistent with that purpose — nothing in the package appears to request unrelated credentials, install code, or phone-home behavior.
Guidance
This appears to be a documentation/reference skill and is internally consistent. Before installing or executing any included script: (1) inspect scripts/script.sh yourself — it only prints docs here, but you should avoid blindly running shell scripts; (2) be aware the SKILL.md contains prompt-injection examples (expected for security guidance) — these are not active instructions to the agent beyond the documented descriptions; (3) if you allow autonomous invocation, standard caution applies (review outputs before allowing external actions). If you need higher assurance, run the script in an isolated environment or simply use the SKILL.md content without executing any bundled code.
Findings
[ignore-previous-instructions] expected: The SKILL.md discusses prompt-injection attacks and explicitly quotes examples such as 'Ignore all previous instructions...'. The detector flagged that pattern, but its presence is part of the security documentation rather than an attempt to manipulate evaluation.

Review Dimensions

Purpose & Capability
ok: Name/description (agent operations reference) match the included SKILL.md and the helper script which only emits reference text. No unrelated binaries, env vars, or credentials are requested.
Instruction Scope
ok: SKILL.md contains only documentation commands and states there are no external API calls or credentials required. The included script.sh just prints heredoc documentation and does not read files, environment variables, or network endpoints.
Install Mechanism
note: No install spec (instruction-only), which is low risk. There is a code file (scripts/script.sh) included but no installation or download steps; review before executing but inclusion alone is not inconsistent with the stated purpose.
Credentials
ok: The skill declares no required env vars, no primary credential, and the documentation explicitly states no API keys are needed. There are no unexplained credential requests.
Persistence & Privilege
ok: always is false (no forced presence) and the skill does not request elevated privileges or modify other skills' configuration.