Skill v1.0.0

ClawScan security

Team Collaboration Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 9, 2026, 11:02 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This is an instruction-only multi-agent collaboration template that is internally consistent: it reads/writes local memory files and spawns child agents but does not request credentials, installs, or external downloads by itself.
Guidance
This skill appears to do what it says: templates + runtime instructions to spawn agents and store state locally. Before installing, confirm: (1) where the memory/ directory will be stored and who can read it (it will contain user preferences, decisions, and possibly sensitive snippets); (2) whether your agent platform implements the read()/spawnAgent() primitives used in the examples; (3) you are comfortable with the HEARTBEAT behavior that can send greetings/checks automatically; (4) you will only enable any third-party integrations (GitHub, Notion, Feishu, xhs, etc.) intentionally and supply credentials yourself. If you need stronger privacy, ask how to inspect, export, or delete the memory/ files and disable automatic greetings or scheduled checks.

Review Dimensions

Purpose & Capability
ok: The name/description (multi-agent team collaboration) matches the contents: templates and instructions to persist state, route tasks, extract knowledge, and spawn agents. No unrelated credentials, binaries, or install steps are required.
Instruction Scope
note: SKILL.md explicitly instructs reading and updating files under memory/ (MEMORY.md, company.md, doctor-profile.md) and spawning agents with state. This is coherent with the skill purpose. Note: the instructions encourage persisting user preferences/decisions and automatically greeting users (HEARTBEAT) if inactive; that implies the agent will store and act on user data and may send messages autonomously when invoked.
Install Mechanism
ok: No install spec and no code files; instruction-only. This minimizes installation risk (nothing downloaded or written by an installer).
Credentials
note: The skill declares no required env vars or credentials (proportionate). However, templates reference third-party tools (GitHub CLI, notion, feishu, xhs, search tools) in examples; using those would require adding credentials later. The skill itself does not request or exfiltrate secrets.
Persistence & Privilege
note: The skill expects to read and write persistent files under memory/ (agent state, lessons, decisions). always:false and normal autonomous invocation flags are used. Persisting user preferences and decisions is expected for this feature, but users should be aware these files may contain sensitive info and the HEARTBEAT guidance schedules periodic checks/actions (every 30 minutes/24h greeting) which could trigger unsolicited messages when enabled.