Skill v1.0.0
ClawScan security
Senior Developer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 10, 2026, 9:57 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only 'Senior Developer' persona whose declared purpose, required resources, and instructions are coherent and proportionate — it does not request credentials, install software, or instruct access to unrelated system secrets.
- Guidance: This skill is internally consistent and lightweight: it only supplies a senior-developer persona and coding guidelines and does not request credentials or install software. Before enabling it, confirm you trust the host environment and other agents it will read (the SKILL references ai/system/* and a PM agent task list), avoid using it to handle secrets or deploy to production without additional safeguards, and review any referenced files (ai/agents/dev.md, ai/system/*) if present — those could expand what the agent is allowed to do at runtime.
Review Dimensions
- Purpose & Capability (ok): Name and description (senior developer, Laravel/Livewire/FluxUI/Three.js expertise) match the SKILL.md, AGENTS.md, IDENTITY.md and SOUL.md content. There are no extraneous environment variables, binaries, or installs required that would be inconsistent with a development persona.
- Instruction Scope (note): Instructions define persona, coding standards, and implementation/process guidance. They reference other agent docs and a PM agent task list (e.g., ai/agents/dev.md, ai/system/*). This is expected for a multi-agent/workflow environment, but it implies the agent will read inter-agent task context and internal docs — verify those referenced files and inter-agent flows are trustworthy before granting broad runtime access.
- Install Mechanism (ok): No install spec, no code files that would be written/executed. Instruction-only skills are lower risk because nothing is downloaded or installed by the skill itself.
- Credentials (ok): The skill does not declare any required environment variables, credentials, or config paths. There are no disproportionate secrets or unrelated credentials requested.
- Persistence & Privilege (ok): always is false and model invocation is allowed (the platform default). This is normal for an agent persona; there is no request for permanent system presence or modification of other skills' configurations.
