Skill v1.0.0

ClawScan security

Therapy · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 7, 2026, 10:43 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's requests and instructions are internally consistent with a supportive therapy-preparation tool and do not ask for extra credentials or installs, but provenance is unknown and the guidance to "log" moods is vague about where data is stored.
Guidance
This skill appears coherent with its stated purpose and doesn’t request credentials or install code, but take these practical precautions before installing: (1) Consider provenance—the source and homepage are unknown, so you lack accountability if something goes wrong. (2) Ask how and where mood logs and weekly reports will be stored (agent memory, local file, or remote service) and whether that data is encrypted or accessible to others. (3) Test the skill with non-sensitive examples first. (4) Because it's not a replacement for licensed care, ensure crisis resource suggestions are appropriate for your country/region. (5) If you are uncomfortable with automatic invocation for sensitive topics, disable autonomous invocation or only call the skill manually.

Review Dimensions

Purpose & Capability
ok: Name/description match the runtime instructions: reflection prompts, session prep, mood tracking, coping strategies, and crisis guidance. The skill does not request unrelated binaries, env vars, or installs, which is appropriate for its stated purpose.
Instruction Scope
note: SKILL.md stays on-topic (reflection, session prep, mood logging, coping strategies, crisis resources). It instructs the agent to "log rating... produce weekly pattern report" but provides no detail about where logs are stored or how reports are generated—this is a scope ambiguity (privacy/retention implications) rather than an explicit misbehavior. Crisis handling is correctly limited to providing resources and encouraging professional help; it does not instruct dangerous actions.
Install Mechanism
ok: Instruction-only skill with no install spec or code files; nothing is written to disk or downloaded. This is the lowest-risk install model and matches the described functionality.
Credentials
ok: The skill requires no environment variables, credentials, or config paths. That aligns with the skill's stated features and is proportionate.
Persistence & Privilege
note: always is false (normal). The skill can be invoked autonomously (disable-model-invocation=false), which is platform default; given the topic (mental health) you may want to consider whether autonomous invocation is desirable. The skill's instructions reference logging/reporting but do not declare how persistent storage or memory is used.