Skillv1.0.0

ClawScan security

Teamgram Messaging Sync · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 15, 2026, 4:40 AM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: This is a documentation-only skill describing Teamgram's messaging delivery and sync architecture; it contains no install steps, no required credentials, and no runtime instructions that access local secrets or perform network calls.
Guidance: This skill is documentation-only and appears internally consistent with its description. Before installing, you may: (1) preview the SKILL.md to confirm it contains only reference material you expect; (2) optionally verify the referenced GitHub repo (https://github.com/teamgram/teamgram-server) and license (Apache-2.0) if you need upstream context; and (3) be aware that, while this skill itself is low-risk, any future edits that add install steps, downloads, or required credentials would change its risk profile and should be re-reviewed.

Purpose & Capability: okThe name and description match the actual content: design and code-path documentation for Teamgram's messaging/sync layers. Nothing requested (env vars, binaries, installs) is out of line with a documentation/knowledge skill.
Instruction Scope: okSKILL.md is static documentation with code snippets and repository references. It does not instruct the agent to run commands, read arbitrary local files, exfiltrate data, or call external endpoints; the included 'securityNotes' explicitly states it's documentation-only.
Install Mechanism: okNo install spec or code files are present. As an instruction-only skill, it writes nothing to disk and does not download external artifacts.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. There are no environment accesses in the SKILL.md.
Persistence & Privilege: okalways is false and the skill does not request persistent privileges or attempt to modify agent/system-wide settings. It is user-invocable only.