Skill v1.0.9

ClawScan security

Plan C · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 6, 2026, 11:11 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The instructions, inputs, and actions described are internally consistent with the skill's stated purpose: it reads and summarizes planning files and only performs deeper codebase exploration and file updates when the user explicitly requests it.
Guidance
This skill appears to do what it says: it will read planning files (plans/.../*.md), summarize them by default, and only scan code or update files if you explicitly request deep analysis and iteration. Before installing or invoking it: 1) confirm where your planning files live and avoid placing sensitive data in the same directories; 2) be aware the skill will write back updates to the original planning file when you ask it to iterate—only grant that permission if you trust the edits; 3) note that the skill is not autonomously invoked (disable-model-invocation=true), which reduces accidental access; and 4) if you want stricter control, provide explicit file paths in your commands every time so the skill only reads the intended file. Overall the skill is internally coherent and proportional to its stated purpose.

Review Dimensions

Purpose & Capability
ok · The name/description promise (continue conversations based on existing planning files; summarize first, deep-iterate on demand) matches the runtime instructions: detect explicit file paths, summarize when asked, and run a deeper 'Plan Mode' only for specific analysis requests.
Instruction Scope
note · Instructions explicitly direct the agent to read plan files (plans/.../*.md), optionally scan related code directories in deep mode, and write updates back to the original planning file. This is coherent with the skill's purpose, but it does mean the skill will perform file I/O (reads and writes) on project files when invoked for iteration — users should expect and authorize that behavior.
Install Mechanism
ok · Instruction-only skill with no install steps or external downloads; nothing is written to disk by an installer. No install-related red flags.
Credentials
ok · No environment variables, credentials, or config paths are requested. The required inputs (file paths and conversational context) are proportional to the stated functionality.
Persistence & Privilege
ok · The skill does not request permanent/always-on inclusion and has disable-model-invocation=true (it will not be invoked autonomously). It does perform writes to planning files when the user explicitly asks for iteration, which is a normal capability for a document-update skill.