Back to skill
Skillv2.0.1
ClawScan security
Maintenance · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 18, 2026, 1:47 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and requested resources are consistent with a local, offline home-maintenance CLI that stores data under ~/.local/share/maintenance and does not request unrelated credentials or network access.
- Guidance
- This skill appears to do exactly what it says: it creates and writes logs and exports under ~/.local/share/maintenance and runs only standard shell utilities. Before installing, review the script if you want to be certain (it is included in the package). Note that data is stored unencrypted in your home directory, exports are plain files, and JSON export does minimal escaping so special characters may produce malformed JSON — if that matters, back up the directory or inspect exported files. If you do not trust the repository author, avoid running the script; otherwise the footprint is local and proportional to the stated purpose.
Review Dimensions
- Purpose & Capability
- okName/description match the delivered functionality: a local CLI that logs maintenance items, shows stats, searches, and exports. It does not ask for unrelated credentials or system access.
- Instruction Scope
- okSKILL.md and the script limit operations to the data directory (~/.local/share/maintenance). Instructions do not direct the agent to read unrelated system files, send data externally, or perform privileged actions.
- Install Mechanism
- okThere is no network install spec; the repository provides a shell script. Nothing is downloaded from external URLs or installed system‑wide by the skill itself.
- Credentials
- okNo environment variables or credentials are required. The script uses the standard HOME variable and standard CLI tools (grep, tail, du, wc), which is appropriate for a local CLI tool.
- Persistence & Privilege
- okThe skill is not always-enabled and is user-invocable. It writes only to its own data directory and history.log and does not modify other skills or global agent configuration.