Skill v1.0.0

ClawScan security

Agent Debate · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 2, 2026, 9:02 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's requested actions (spawning sub-agents and using a file-based debate folder) match its description and require no extra credentials or installs, but the file-based coordination model has a few practical safety considerations to watch for.
Guidance
This skill appears coherent for facilitating multi-agent debates, but take the following precautions before installing or running it:
1) Avoid putting secrets or sensitive data into the debate question or agent files — these are written to disk and could be read later.
2) Sanitize the debate topic input (debate-{topic}) to prevent path traversal or accidental writes outside the intended folder; use a controlled folder name or a whitelist.
3) Restrict file permissions on plans/debate-{topic}/ and run debates in an isolated or ephemeral workspace if possible.
4) Confirm the agent runtime limits (models referenced in SKILL.md may not match your environment) and that spawned sub-agents only have access to the intended folder.
5) If you will run red-team patterns, audit outputs carefully before acting on them.
With those mitigations this skill is consistent with its purpose.

Review Dimensions

Purpose & Capability
ok: The name/description (coordinate multiple agents to debate and synthesize positions) aligns with the SKILL.md instructions: spawn multiple agents, have them write positions to plans/debate-{topic}/, then run a synthesis agent. No unrelated binaries, env vars, or installs are requested.
Instruction Scope
note: Instructions are narrowly scoped to reading/writing files under plans/debate-{topic}/ and performing synthesis. This is consistent with the stated purpose. Practical risks: the skill stores debate content on disk (which can leak sensitive content if users place secrets in question.md or agent files), and the topic interpolation (debate-{topic}) could permit path traversal or unexpected paths if untrusted topic strings are used. The SKILL.md does not instruct reading system files or environment variables outside the debate folder.
Install Mechanism
ok: Instruction-only skill with no install spec and no external downloads — lowest-risk installation profile.
Credentials
ok: No environment variables, credentials, or config paths are requested. The absence of secrets is appropriate for the declared functionality.
Persistence & Privilege
ok: always is false and the skill does not request elevated/persistent privileges or modify other skills. Autonomous invocation is allowed by default (disable-model-invocation is false), which is expected for a skill that spawns sub-agents.