Plugin v0.1.0
ClawScan security
ClawhubAI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 22, 2026, 7:45 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This skill is an instruction-only content bundle (social media copy + images) with no runtime instructions, no installs, and no requested credentials — it appears to be what it says (static marketing assets).
- Guidance: This skill is just a static collection of social-media copy and images; it does not request credentials, install anything, or instruct the agent to run commands, so it is internally coherent and low risk. Before installing: (1) review the SKILL.md raw text for hidden/zero-width characters (pre-scan flagged unicode-control-chars), (2) confirm you trust the repository owner or source of these marketing assets, and (3) if you plan to let agents invoke skills autonomously, remember this one has no active behavior — but always review any skill that requests env vars or an install spec before granting access.
- Findings:
  - [unicode-control-chars] unexpected: The pre-scan detected unicode control characters in the SKILL.md content. Given the SKILL.md is essentially empty, this is unexpected but low impact here because the skill has no runtime instructions or credentials. It could be harmless (zero-width spacing in files or image metadata) but you may want to inspect the raw SKILL.md for hidden characters before enabling automatic invocation.
Review Dimensions
- Purpose & Capability (note): The skill name/description are minimal and not descriptive, but the repository contains only static marketing text and PNG assets (social posts promoting a govtech product). Nothing in the package requests credentials, binaries, or platform access. The declared purpose is vague, but the actual contents are coherent with a static asset/template skill.
- Instruction Scope (ok): SKILL.md contains essentially no runtime instructions (a header and one word). There are no commands, no references to files/paths/env vars, and no steps that would make the agent read or transmit system data. The agent would have no runtime actions to perform beyond exposing the included static content.
- Install Mechanism (ok): No install spec and no code files — nothing is written to disk or downloaded at installation time. This is the lowest-risk install profile (instruction-only static content).
- Credentials (ok): The skill declares no required environment variables, no credentials, and no config paths. There is no disproportionate access requested relative to the contained functionality.
- Persistence & Privilege (ok): Skill flags are non-privileged (always: false, user-invocable: true). disable-model-invocation is false which is normal; the skill can be invoked autonomously when eligible, but it has no runtime behavior to run autonomously beyond exposing static assets.
