ClawHub
Back to skill
v1.2.0

Structs Reconnaissance

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 6:17 AM.

Analysis

This is a disclosed, instruction-only Structs game reconnaissance workflow, but it uses broad read queries and writes persistent intel notes that users should review.

GuidanceThis skill appears acceptable for Structs game reconnaissance if you are comfortable with the agent running broad read queries and keeping persistent intel files. Verify the local structsd/Guild Stack tools yourself, and require separate approval for any future action that would mutate game state or use the gathered intel offensively.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
all reconnaissance queries can be done in **< 1 second** via PostgreSQL instead of CLI. This is essential for combat automation, real-time threat monitoring, and galaxy-wide scouting.

The skill encourages broad and fast local database querying for game reconnaissance. This is aligned with the stated purpose, but users should understand it may enumerate large portions of game state.

User impactThe agent may run broad Structs CLI or SQL read queries to gather extensive competitive intelligence.
RecommendationUse this only with trusted local Structs/Guild Stack tooling, and keep broad galaxy-wide queries under user direction.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceMediumStatusNote
SKILL.md
All via `structsd query structs [subcommand] [args]`

The workflow depends on an external structsd CLI, while the supplied metadata lists no required binaries and there is no install spec. This is a dependency/provenance notice, not evidence of unsafe behavior.

User impactThe skill will only behave as expected if the local structsd tool and optional database stack are legitimate and correctly configured.
RecommendationVerify your installed structsd/Guild Stack source separately before allowing the agent to use these commands.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
Persist intelligence — After gathering, update: ... memory/intel/players/{player-id}.md ... vulnerabilities, relationship ... memory/intel/threats.md — Threat board ranked by severity

The skill deliberately writes persistent dossiers and threat rankings that future agent sessions may reuse. This is disclosed and scoped to memory/intel, but stale or incorrect intel could affect later decisions.

User impactReconnaissance notes may persist across tasks and shape future recommendations or actions.
RecommendationPeriodically review, correct, or delete memory/intel files, especially before using them for combat or strategic decisions.