Back to skill
Skillv0.1.0
ClawScan security
Jike · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 11, 2026, 3:12 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is a placeholder 'coming soon' music-integration skill with no code, no install steps, and no requested credentials—its declared capabilities align with what it actually requires (nothing).
- Guidance
- This skill is currently a stub/placeholder and appears safe to keep or remove — it does nothing today. Before installing or trusting future versions, check for: (1) any newly added install steps that download code from unknown URLs; (2) requests for environment variables or credentials (API keys, tokens, AWS creds) that are unrelated to the skill's stated purpose; (3) changes to 'always: true' or other privilege-escalating flags. Also verify the publisher/source or homepage when the skill becomes functional.
Review Dimensions
- Purpose & Capability
- okName/description describe a music-focused integration. The skill declares no binaries, env vars, config paths, or primary credentials — which is coherent for a placeholder/instruction-only 'coming soon' skill.
- Instruction Scope
- okSKILL.md contains only high-level marketing/roadmap text and no runtime instructions, commands, or file accesses. There is no scope creep because the skill currently performs no actions.
- Install Mechanism
- okNo install specification and no code files are present, so nothing is downloaded or written to disk. This is the lowest-risk installation profile.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. There are no disproportionate or unexplained secret requirements.
- Persistence & Privilege
- okFlags are default (always: false, user-invocable: true, model invocation allowed). There is no request for permanent presence or elevated privileges.