Skill v1.0.1
ClawScan security
Session Rotate 80 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 5, 2026, 2:16 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and requirements are consistent with its stated purpose of emitting a new-session trigger at 80% context usage; it does not request credentials, network access, or unusual installs.
- Guidance: This skill appears coherent and low-risk: it simply computes used/max ratio and prints standardized trigger lines. Before installing, confirm how your agent supplies used_tokens and max_tokens (ensure those values come from the agent runtime and not untrusted input). Note that the script has no cooldown — repeated checks at or above threshold will repeatedly emit triggers, so integrate it into your heartbeat logic (or add a cooldown/state) to avoid spamming new-session events. If you require stricter guarantees, review/modify the script to add cooldowns, logging, or confidence checks appropriate to your platform.
Review Dimensions
- Purpose & Capability: ok. Name/description match the included script and SKILL.md. The single Python script and instructions are exactly what you'd expect for a threshold-based session-rotation helper; no unrelated binaries, env vars, or services are requested.
- Instruction Scope: ok. SKILL.md instructs the agent to read current context usage and call the bundled script with used/max tokens. The instructions do not ask the agent to read unrelated files, access credentials, or send data externally. They are specific and scoped to the purpose.
- Install Mechanism: ok. No install spec; the skill is instruction-only with a small included script. No downloads, package installs, or archive extraction are performed.
- Credentials: ok. The skill requests no environment variables, credentials, or config paths. The functionality (token ratio check → printed triggers) does not require secrets or external service access.
- Persistence & Privilege: ok. always is false and model invocation is allowed (default). The skill does not modify other skills or system settings and has no persistence or privileged installation steps.
