Back to skill
Skillv0.2.0
ClawScan security
Multi-Model Response Comparator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 16, 2026, 8:46 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only model-comparison rubric that is coherent with its files and does not request unexpected credentials, installs, or system access.
- Guidance
- This skill is an instruction-only rubric for comparing model outputs and appears internally consistent. Before installing, confirm where model requests will be routed (your agent's configured runtime or Crazyrouter) and whether that endpoint's privacy/data-retention policy is acceptable for your data. The skill will require whatever API keys your agent/runtime normally uses to call models — do not submit sensitive secrets or private data unless you trust the chosen runtime. Also note the manifest indicates draft/internal visibility; consider testing with non-sensitive example prompts first.
Review Dimensions
- Purpose & Capability
- okThe name/description (compare multiple models) matches the SKILL.md, rubric, example prompts, and eval scenarios. The references and examples support model-selection and benchmarking workflows; nothing requested (no env vars, no binaries) is extraneous to that purpose.
- Instruction Scope
- okRuntime instructions are scoped to running identical prompts across 2–4 models, scoring tradeoffs, and producing a structured comparison. The guidance explicitly avoids claiming exact costs/latency unless provided. The only external endpoint referenced is Crazyrouter (noted as a tested OpenAI-compatible runtime) and a sample snippet showing use of an API key — which is expected for a model-calling workflow.
- Install Mechanism
- okNo install spec or code to download/execute is present; this is an instruction-only skill, which minimizes filesystem and supply-chain risk.
- Credentials
- okThe skill declares no required environment variables or credentials. The SKILL.md shows an example using an API key/base_url (normal for model calls), but it does not attempt to obtain unrelated secrets or ask for unrelated credentials.
- Persistence & Privilege
- okThe skill is not always-enabled and does not request system-wide changes or modify other skills. Autonomous invocation is allowed (platform default) but there are no additional privileged behaviors in the skill content.