Back to skill
Skillv1.0.0
ClawScan security
Auto Parts Quality Analysis · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 16, 2026, 11:07 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only automotive quality-analysis guide whose requested assets and instructions match its stated purpose and do not request unrelated credentials, installs, or external endpoints.
- Guidance
- This skill is an instruction-only reference for automotive quality analysis and appears coherent with its description. Before installing: consider whether you want an agent to use these domain checklists autonomously (default agent invocation is allowed), and avoid providing unrelated credentials to the agent. If you expect the agent to process sensitive customer or supplier data, ensure your environment and data-handling policies are appropriate (the skill itself does not request external endpoints or secrets). If you need stronger assurance, request a provenance/source URL or author contact since the package lists no homepage or known publisher.
Review Dimensions
- Purpose & Capability
- okThe name/description (automotive parts quality analysis) aligns with the content: structured workflows, checklists, SPC/MSA/FMEA guidance, and failure-mode libraries. There are no demands (binaries, env vars, credentials) that are unrelated to this domain.
- Instruction Scope
- okSKILL.md contains only domain-specific instructions and templates (problem definition, evidence collection, 8D checklists, SPC interpretation). It references the included local reference files for detailed guidance and does not instruct the agent to read arbitrary system files, call external endpoints, or exfiltrate data.
- Install Mechanism
- okThere is no install spec and no code files beyond the documentation; nothing will be downloaded or written to disk. This is the lowest-risk installation mode and matches the skill type (instruction-only).
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths and the instructions do not reference any secrets. No disproportionate access is requested for the stated functionality.
- Persistence & Privilege
- okalways is false (default) and autonomous invocation is allowed (platform default). There is no attempt to modify other skills or system-wide configs and no request for permanent presence or elevated privileges.