Back to skill
Skillv1.0.0
ClawScan security
Teamgram Database Schema · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 15, 2026, 5:01 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is a documentation-only skill that provides a schema reference for the open-source Teamgram Server; it requests no credentials, installs, or filesystem/network access and is coherent with its stated purpose.
- Guidance
- This skill is a static documentation reference pulled from the public teamgram-server repository (Apache-2.0) and appears internally consistent. Before installing, you may want to: (1) verify the GitHub repository link in the SKILL.md to ensure it points to the expected upstream project; (2) confirm the Apache-2.0 license meets your policies; (3) be aware that while the schema documents tables that would store sensitive data (auth_keys, messages, devices), the skill does not contain or request any real secrets. If a future version adds install steps, network calls, or requests credentials, re-evaluate for scope creep or unnecessary privileges.
Review Dimensions
- Purpose & Capability
- okThe name/description (Teamgram DB schema) match the SKILL.md content: a static schema reference and file paths in the teamgram-server repo. There are no unrelated requirements (no env vars, no binaries).
- Instruction Scope
- okSKILL.md is purely descriptive: table lists, ER relationships, and file path references. It contains no commands, no instructions to read system files or send data externally. It does reference the public GitHub repo URL, which is reasonable for a documentation skill.
- Install Mechanism
- okNo install specification or code files are provided — instruction-only. Nothing will be written to disk or executed by an installer as part of the skill.
- Credentials
- okThe skill declares no required environment variables or credentials. Although the schema describes tables that would store sensitive data (e.g., auth_keys), the skill itself does not request or transmit any secrets.
- Persistence & Privilege
- okalways is false and the skill does not request persistent system privileges or modify other skills. Autonomous invocation is allowed by default but the skill is read-only documentation, so autonomous actions have no effect.