Skill v1.0.0
ClawScan security
Team · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 8, 2026, 7:09 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is a high-level, instruction-only specification for orchestrating multi-agent teams and is internally consistent with its stated purpose, but it is vague and could give an agent broad discretion when executed.
- Guidance: This skill is a conceptual framework and contains no code or external requests, so it appears coherent with its stated purpose. Before installing or enabling it, consider: (1) limit the agent's permissions (network, other skills, file system) so vague orchestration rules can't trigger broad actions; (2) do not provide financial or privileged credentials to any agent invoking orchestration without explicit need; (3) test behavior in a sandboxed environment to observe what the agent does when asked to 'recruit' or 'distribute rewards'; (4) require explicit human approval for any actions that involve external APIs, payments, or modifying other skills. If you need stronger assurance, ask the skill author for a concrete operational spec showing what APIs or other skills the orchestration will call and what safeguards are in place.
Review Dimensions
- Purpose & Capability (ok): Name/description (autonomous orchestration framework) align with the SKILL.md content: a conceptual engine (role allocation, conflict resolution, reward routing). The lack of required binaries, env vars, or installs is consistent with an instruction-only design.
- Instruction Scope (note): The SKILL.md contains only high-level architecture primitives and a lifecycle; it does not instruct the agent to read files, call external endpoints, or access secrets. However the instructions are intentionally vague (open-ended orchestration language) and would leave implementation choices to the agent, which may lead to broad or unexpected actions at runtime if the agent is permitted to act autonomously.
- Install Mechanism (ok): No install spec and no code files: the lowest-risk delivery model (instruction-only). Nothing is downloaded or written to disk by the skill itself.
- Credentials (ok): The skill does not request any environment variables, credentials, or config paths. That is proportionate for a purely conceptual/orchestration spec, though real orchestration implementations would typically require additional service credentials which this skill does not request.
- Persistence & Privilege (note): Flags show default behavior (user-invocable, agent may invoke autonomously). Autonomous invocation is normal, but combined with the skill's vague orchestration remit it could enable broad multi-agent behavior depending on the agent's other permissions; the skill itself does not request permanent/always-on placement or modify other skills.
