Back to skill
Skillv2.0.0
ClawScan security
Teamgram RPC Development · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 15, 2026, 3:10 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only developer guide for Teamgram RPC development; its contents, requirements, and footprint are coherent with that purpose and contain no unexplained requests for credentials, installs, or external access.
- Guidance
- This is a documentation-only skill and appears coherent with its stated purpose, so risk from the skill itself is low. Before using the provided code in production: (1) verify the skill's provenance (source/homepage is unknown) and confirm licensing and author trustworthiness; (2) review examples that touch secrets (Vault, /run/secrets, ENV) to ensure you won't accidentally deploy insecure secret handling; (3) lint/scan and run examples in an isolated environment before integrating; and (4) never paste real credentials into examples — replace with safe test values or use your organization's secret-management best practices.
Review Dimensions
- Purpose & Capability
- okThe skill is an authored development guide (docs + code examples) for building RPC services; it requests no binaries, env vars, installs, or config paths — all of which is proportionate to a documentation-only skill.
- Instruction Scope
- okSKILL.md and reference files are documentation and code examples only. They do not instruct the agent to run host commands, contact hidden endpoints, or exfiltrate data. Some examples show reading secrets or using Vault (expected for production guidance) but the guide does not itself attempt to access runtime secrets.
- Install Mechanism
- okThere is no install spec and no code files that will be executed by the platform; this is lowest-risk (instruction-only) delivery.
- Credentials
- noteThe skill declares no required env vars or credentials (good). Reference code demonstrates integration with Vault, environment variables, and /run/secrets — appropriate for examples but users should avoid copying secret-loading code into production without review.
- Persistence & Privilege
- okThe skill does not request persistent presence (always=false) nor modify agent/system configuration; autonomous invocation is allowed (platform default) but does not increase risk given the skill is documentation-only.