Skill v2.0.2

ClawScan security

Leaderboard · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 18, 2026, 10:46 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
This skill is internally consistent with its stated purpose: a small, offline CLI leaderboard that stores logs under ~/.local/share/leaderboard and has no network calls or credential requirements.
Guidance
This skill runs entirely locally and stores all data in ~/.local/share/leaderboard (history and per-command .log files). Before installing, review that you're comfortable with persistent local logs and exports (exports include all logged entries). There are no network calls or credential requests. A minor implementation note: the JSON export may produce formatting issues (the script appends a literal "\n]"), but that is a functional bug rather than a security concern. If you need strict privacy, back up or remove the data directory when finished; otherwise the skill appears safe and coherent for its stated purpose.

Review Dimensions

Purpose & Capability
ok: Name and description (record scores, rank players, analyze stats) match the provided script and SKILL.md. All required functionality is implemented locally and stored under ~/.local/share/leaderboard; no unrelated credentials, binaries, or services are requested.
Instruction Scope
ok: SKILL.md and the runtime script keep scope to leaderboard operations (commands, local storage, export, search). The instructions do not request unrelated files, environment variables, or external endpoints. The skill does automatically log activity to history.log (explicitly documented).
Install Mechanism
ok: No install spec; the skill is instruction + a single shell script. Nothing is downloaded or extracted from remote URLs during install.
Credentials
ok: The skill requires no environment variables, no credentials, and no config paths beyond its documented data directory (~/.local/share/leaderboard). This is proportionate to its purpose.
Persistence & Privilege
ok: always:false and no system-wide changes are requested. The skill writes only to its own data dir and does not modify other skills or global agent settings.