Skill v0.2.2
ClawScan security
best-skill-recommendations · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 12, 2026, 6:32 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requests and runtime instructions are consistent with its stated purpose: it only uses the clawhub CLI to discover and (with explicit user confirmation) install or uninstall skills, and it asks for no extra credentials or system access.
- Guidance: This skill appears coherent and limited to managing skills via the clawhub CLI. Before using it: ensure you trust the clawhub CLI and are logged in with the intended account; review any pre-install risk disclosures the skill presents (source, install counts, last update, author info); and confirm each install/uninstall when prompted. If you do not have or do not trust the clawhub CLI, do not run this skill.
Review Dimensions
- Purpose & Capability: ok. Name/description promise (evaluate and recommend skills, detect conflicts, and perform installs) aligns with the declared requirements: the skill needs the clawhub CLI and uses clawhub commands (search, list, install, uninstall). There are no unrelated credential or binary requests.
- Instruction Scope: ok. SKILL.md instructions are narrowly scoped: they parse upstream candidates if available, otherwise run `clawhub search`, enumerate installed skills via `clawhub list`, and only run `clawhub install`/`uninstall` after explicit pre-install confirmation. The instructions do not direct the agent to read unrelated files, environment variables, or to send data to arbitrary external endpoints.
- Install Mechanism: ok. No install spec or bundled code; this is instruction-only and relies on an existing `clawhub` binary. That is the lowest-risk install posture for this kind of skill.
- Credentials: ok. No environment variables, secrets, or config paths are requested by the skill. The only external dependency is the user-authenticated `clawhub` CLI, which stores its own credentials; the skill itself does not request or require additional credentials.
- Persistence & Privilege: ok. The skill does not request always:true, does not modify other skills' configurations, and only performs install/uninstall actions after explicit user confirmation. Autonomous invocation is allowed (platform default) but is not combined with elevated privileges or broad credential access.
