Skill v1.0.0
ClawScan security
chitin-chronicle · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 28, 2026, 5:28 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and runtime instructions are coherent with its stated purpose (local, git-backed multi-agent editorial coordination), but there are minor documentation and provenance inconsistencies you should review before installing.
- Guidance: This skill appears to do what it says: local, file-based coordination and an append-only ledger. Before installing:
  1. Verify Node.js and git are available on the host (the metadata did not declare git but the scripts call git).
  2. Inspect the skill directory, especially any .git directory, for suspicious git hooks or unexpected files — git commits in the skill will exercise those hooks.
  3. Update any absolute paths in the docs (e.g., /home/aaron/...) to match your environment and ensure the AGENTS.md boot entry points to the correct location.
  4. Decide whether you want the boot-check to run on every session (it only reads local state but will display editorial state at startup).
  5. If you run this on a multi-user machine, confirm file permissions for the editorial/claims and .git directories to avoid cross-user surprises.
  If you want higher assurance, run the scripts in a sandboxed workspace first and review the code (editorial.js and boot-check.sh) line-by-line — they are short and self-contained.
Review Dimensions
- Purpose & Capability (note): The skill implements a local, git-backed claim/ledger/registry system which matches the described purpose. Minor mismatches: the registry metadata and some docs refer to 'chitin-chronicle' vs 'chitin-editorial' (inconsistent naming), and SKILL.md examples use an absolute user path (/home/aaron/...) while the scripts use relative __dirname. The skill executes git commands but 'required binaries' in the registry metadata lists none; git (and Node.js) are de facto requirements and should be declared.
- Instruction Scope (ok): Runtime instructions and the CLI operate only on files inside the skill's editorial/ directory (claims, ledger, registry, timeline). The SKILL.md asks you to add a boot-check script to your AGENTS.md startup sequence and to set OPENCLAW_AGENT; the code reads that env var (falling back to USER). The instructions do not request remote endpoints or unrelated system files. Note: SKILL.md examples reference a specific home path which you should adapt to your environment.
- Install Mechanism (ok): This is an instruction-only skill with included scripts; there is no network download or package installation step. All code is local and uses Node.js built-ins and bash. That is lower risk than arbitrary installs.
- Credentials (ok): The skill does not declare or require secrets or external credentials. It uses OPENCLAW_AGENT or USER to identify the agent, which is reasonable for its purpose. No unrelated environment variables, keys, or config paths are requested.
- Persistence & Privilege (note): The skill is not force-installed (always:false) and can be invoked by the agent. It writes state to files in its own editorial/ directory and runs local git commits (execSync). Because it performs git operations, if that editorial directory contains a .git repository with hooks, those hooks could execute arbitrary code during commits; inspect any included .git before use. The skill suggests adding a boot hook to AGENTS.md (user opt-in), which increases runtime frequency but is not automatic.
