Skill v0.1.3
ClawScan security
Random Coffee Best Fit Outreach · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 25, 2026, 5:46 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements, instructions, and single helper script are coherent with an offline, consent-first random-coffee matching workflow and do not request unrelated credentials or network installs.
- Guidance: This skill appears to do what it claims: run an offline matching workflow using local, consented CSV data and produce local review packets. Before using it: (1) verify participant data is properly consented and stripped of private profile text/handles, (2) run the included tests (pytest) and inspect the repository's src/random_coffee_matcher package locally to confirm behavior, (3) keep generated packets local and perform any outreach manually per the runbook, and (4) run the tool in an isolated environment if you want extra assurance (no network access required).
Review Dimensions
- Purpose & Capability: ok. Name/description ask for offline ranking and packet generation; the only runtime requirement is Python and the bundled wrapper script simply invokes a local CLI from the repo. No unrelated credentials, binaries, or config paths are required.
- Instruction Scope: ok. SKILL.md confines actions to local CSV inputs, local reports, and manual operator handoff. Commands shown run the local CLI/module and test suite. The instructions explicitly forbid external communication from the public skill and call out consent rules.
- Install Mechanism: ok. There is no install spec—this is instruction-only plus a small launcher script. Nothing is downloaded or written during install by the skill itself.
- Credentials: ok. No environment variables, secrets, or external credentials are requested. The skill expects operator-supplied, consented participant data and documents privacy-preserving practices.
- Persistence & Privilege: ok. The skill is not forced-always and does not request persistent system-wide privileges or modify other skills. It merely runs local code when invoked.
