Skill v1.0.1

ClawScan security

Conatus · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Feb 25, 2026, 11:55 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements and instructions are internally consistent with its stated purpose: it is an instruction-only, in-agent self-analysis layer that reads/writes agent memory and telemetry to produce philosophical reports.
Guidance
This skill is an instruction-only 'philosophy layer' that expects the agent to read its telemetry and memory files and to write reports back into memory. Before installing: (1) confirm you are comfortable with the agent reading/writing the specific memory files referenced (heartbeat and daily memory logs), (2) if you run multiple agents, consider whether you want their conatus scores compared (that requires cross-agent data access), (3) note there is no external binary or credential requirement — the computations run inside the agent — and (4) if you need tighter control, disable autonomous invocation or restrict memory access so the agent cannot perform fleet comparisons or persist reports without explicit permission. If you care about provenance, verify the skill's homepage/author (source is listed as unknown in the registry metadata).

Review Dimensions

Purpose & Capability
ok
The skill describes mapping agent behavior to Spinoza's affects and generating reports. The SKILL.md only asks the agent to use session/telemetry and memory files (heartbeat, daily memory) to compute scores and reports — these are coherent with the described purpose. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
note
Instructions tell the agent to read and write memory files (e.g., memory/YYYY-MM-DD.md, memory/conatus-log.md, HEARTBEAT.md) and to compare scores across agents in a fleet. This is within scope for an introspective/reporting skill, but it implicitly requires access to agent memory/telemetry and, for multi-agent comparisons, access to other agents' data. The SKILL.md also refers to running a 'conatus self-analysis' but provides no external binary — this implies the agent should perform the computations internally. If you restrict agent access to memories or to other agents' data, some of the features (daily reflections, fleet comparisons) will not work.
Install Mechanism
ok
There is no install spec and no code files — the skill is instruction-only. This is lower risk since nothing is downloaded or written to disk by an installer. The runtime behavior depends on the agent executing the textual instructions.
Credentials
ok
The skill requests no environment variables, credentials, or config paths. Its data needs (telemetry and memory files) are appropriate for the stated purpose. There are no disproportionate or unexplained secret/credential requests.
Persistence & Privilege
ok
'always' is false and model invocation is allowed (platform default). The skill suggests writing reports/logs to agent memory (e.g., memory/conatus-log.md), which is expected for a monitoring/reporting skill. It does not request system-wide configuration changes or broader persistent privileges.