Back to skill
Skillv0.1.0-canary.1
ClawScan security
Acong Hello World · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 21, 2026, 9:08 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is a minimal, instruction-only smoke-test skill that declares no credentials, no installs, and its SKILL.md explicitly states it does nothing — the metadata is coherent with its stated purpose.
- Guidance
- This skill is a harmless minimal canary used to validate the publish/discovery pipeline. It requests no credentials and contains no install steps, so risk is negligible; still, only install skills you trust and briefly inspect their SKILL.md before enabling them. If you require stricter guarantees, prefer skills with an explicit homepage or repository and a maintainer you recognize.
Review Dimensions
- Purpose & Capability
- okName, description, and SKILL.md all describe a minimal smoke-test skill. There are no environment variables, binaries, or install steps requested that would be disproportionate to a validation/test artifact.
- Instruction Scope
- okSKILL.md contains only documentation and a statement that the skill does nothing functional. It does not instruct the agent to read files, call external endpoints, access credentials, or perform other activities outside a smoke test.
- Install Mechanism
- okNo install spec and no code files are included. Being instruction-only is the lowest-risk install model and matches the skill's stated purpose.
- Credentials
- okNo environment variables, credentials, or config paths are requested. Nothing in the files justifies additional secrets or access.
- Persistence & Privilege
- okalways is false and there is no indication the skill modifies agent or system configuration. Autonomous invocation is allowed by default on the platform but the skill contains no autonomous actions.