Skill v2.0.0

ClawScan security

Evidence Cleaner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 26, 2026, 9:34 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's declared purpose (cleaning and normalizing raw evidence) matches its instructions and there are no unexpected installs, credentials, or external endpoints — but provenance is unknown and some runtime assumptions (entity DB / cross-validation) are underspecified.
Guidance
This skill is internally coherent for cleaning and normalizing evidence. Before installing, consider: (1) provenance: the skill author is unknown — prefer reviewing the SKILL.md and reference docs (already included) and test on non-sensitive data first; (2) data handling: any evidence you pass (including file:// paths) will be inspected and transformed — don't supply secrets or highly sensitive files unless you trust where the agent will run and whether it has network access; (3) verification sources: the skill assumes 'entity libraries' and cross-validation but doesn't declare how those are accessed — if you need offline-only processing, confirm the agent will not perform external web queries; (4) review outputs for dropped items/warnings to avoid silent removals. If you need higher assurance, ask the author for provenance of the entity lists and for an explicit policy on network/local-file access.
Findings
[no_code_files_or_installs] expected: The scanner found no code or install entries; this is expected because the skill is instruction-only and contains only SKILL.md and reference docs.

Review Dimensions

Purpose & Capability
ok: Name/description (evidence cleaning) align with the inputs, outputs, and stepwise rules in SKILL.md and reference files. The required capabilities (DOM stripping, dedupe, pseudo-entity detection, downranking, snippet normalization) are coherent for this purpose and no unrelated credentials or binaries are requested.
Instruction Scope
note: SKILL.md stays within the stated scope (it only describes processing raw_evidence_items and producing cleaned_evidence, removed_noise, etc.). It specifies cross-validation and entity-library checks — reasonable for the task, but it does not declare where the entity database or verification sources come from (local DB vs web queries). If the agent performs web lookups or accesses local files referenced by file:// URLs, that expands runtime surface and should be made explicit to users.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files — minimal risk from installation. Nothing is downloaded or written to disk by an install step.
Credentials
ok: No required environment variables, credentials, or config paths are declared. The processing described does not appear to require secrets. Note: entity verification and cross-checking may implicitly require network access or external APIs, but these are not requested here.
Persistence & Privilege
ok: always:false and no self-modifying install actions. The skill can be invoked by the agent (normal), but it does not request permanent elevated presence or system-wide config changes.