Skill v1.0.0

ClawScan security

Task Planning · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 5, 2026, 3:50 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This is an instruction-only agile/task-planning skill whose requirements and instructions are consistent with its stated purpose and do not request elevated access or install software.
Guidance
This skill appears coherent and low-risk: it only provides planning templates and examples. Before using, be prepared to refuse or carefully vet any follow-up prompts that request API keys, database credentials, or access to your system — those would be outside this skill's stated scope. If you plan to copy example technical details into a project, verify any referenced services (e.g., SendGrid) and do not paste real secrets into chat or into outputs produced by the agent without secure handling.

Review Dimensions

Purpose & Capability
ok
Name/description match the SKILL.md content: templates for user stories, epics→stories→tasks, MoSCoW prioritization, and sprint planning. No unrelated binaries, environment variables, or config paths are requested.
Instruction Scope
note
The SKILL.md is scoped to planning templates and examples. It includes technical notes (example API endpoints, DB tables, SendGrid) as illustrative content but does not instruct the agent to read local files, access environment variables, or transmit secrets. Be aware the examples mention external services (e.g., SendGrid) which could lead a user or agent to supply credentials later — the skill itself does not request them.
Install Mechanism
ok
No install spec and no code files are present, so nothing is written to disk or installed.
Credentials
ok
No environment variables, primary credential, or config paths are declared or used. The skill does not ask for secrets or tokens in its instructions.
Persistence & Privilege
ok
always is false and the skill does not request persistent presence or modify other skills/config. Autonomous invocation is allowed by default but is not combined with any broad privileges here.