Skillv0.1.1

ClawScan security

Learn English By Programmer Jokes · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 15, 2026, 3:37 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code, data, and instructions align with its stated purpose (appending a short bilingual programmer joke to completed answers); it requires no credentials or external installs and does not perform unexpected I/O or network calls.
Guidance: This skill appears coherent and low-risk: it only selects and formats local jokes and appends one at the end of finished answers. Before enabling it broadly, consider: (1) the skill will autonomously inject a joke whenever it thinks a conversation is finished — if you prefer opt-in behavior, enable it only when needed; (2) sensitivity detection is simple keyword matching and may miss nuanced contexts (legal/medical/crisis), so review outputs in high-stakes workflows; (3) the bundled CSV includes some coarse or potentially offensive quotes (e.g., profanity and strong criticisms), so review/clean the CSV if you need stricter tone control; and (4) there is no network access or credential usage in the package. If you want stricter safety, test the skill in a sandboxed session and/or modify the sensitivity rules or the CSV before use.

Purpose & Capability: okName/description (append one short bilingual programmer joke to final responses) match the delivered artifacts: SKILL.md, a joke CSV, selection rules, and helper code to pick/format a joke. There are no unrelated environment variables, binaries, or external endpoints requested.
Instruction Scope: noteSKILL.md gives a narrow responsibility (append one joke after the main answer) and provides selection rules and a template. The skill grants the agent discretion to detect topic/sensitivity and decide when to append the joke; sensitivity detection is keyword-based (SENSITIVE_CONTEXT_KEYWORDS) and could produce false negatives/positives, so there's a small risk jokes may be appended in contexts you might prefer to avoid.
Install Mechanism: okThis is instruction-only with local helper scripts and data; there is no install spec, no downloads, and no external package fetching. The code is small and operates on local files (CSV, references).
Credentials: okThe skill requests no environment variables, no credentials, and no config paths. All data usage is local (jokes CSV and generated reference files).
Persistence & Privilege: okalways is false and the skill does not request permanent/system-level privileges or modify other skills' configurations. It can be invoked autonomously (platform default), which is expected for this type of final-response rule.