Skillv1.0.0

ClawScan security

meeting-to-kanban · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 13, 2026, 5:59 AM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is internally consistent: it declares only python3, uses a small local script and a local YAML template, and its instructions match the files included.
Guidance: This skill appears coherent and safe to inspect and run. Before using it: (1) review the included script (scripts/tasks_to_kanban.py) — it reads a user-supplied JSON file and writes a CSV, so ensure you pass the intended input path and an output path that won't overwrite important files; (2) provide only the meeting data you intend to share — the skill has no declared networking but your agent or session could still be configured to send data elsewhere, so confirm where outputs are stored or transmitted; (3) note the small version mismatch between the registry (1.0.0) and SKILL.md frontmatter (1.1.0) — minor but worth awareness; (4) run the script locally (python3 scripts/tasks_to_kanban.py --help) to validate behavior in your environment before allowing any automated/autonomous runs.

Purpose & Capability: okName/description (convert meeting notes to a Kanban) align with the included artifacts: SKILL.md describes the workflow, a local script (scripts/tasks_to_kanban.py) formats JSON->CSV, and a board-columns.yaml resource provides column defaults. There are no unrelated binaries or credentials requested.
Instruction Scope: okSKILL.md stays on-task: it asks for meeting notes, columns, participants and describes extracting actions and producing CSV/markdown summaries. It explicitly references only the local script and resource file. It does not instruct reading system files, accessing environment variables, or contacting external endpoints.
Install Mechanism: okNo install spec — instruction-only with a local, auditable Python script. Required runtime is python3 which is reasonable. No downloads, package installs, or extract/unpack steps are present.
Credentials: okThe skill requires no environment variables or credentials. The only runtime dependency is python3, which is proportionate to running the included script. There are no requests for unrelated secrets or config paths.
Persistence & Privilege: okalways is false and the skill is user-invocable (normal). The skill does not request permanent presence or modify other skills or system-wide settings. The bundled script writes an output CSV to a user-specified path (default kanban.csv) — this is expected but will overwrite that file if the user chooses the same filename.