Skillv1.0.0

ClawScan security

Reading & Knowledge · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 1, 2026, 7:51 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is an instruction-only knowledge companion whose declared behavior, required artifacts, and requested access align with its description and contain no surprising installs or credential requests.
Guidance: This skill appears coherent and low-risk: it only provides content and keeps a local memory file of your interests and past questions. Before installing, confirm how your agent runtime persists or syncs memory (local disk vs. cloud backup) so you understand where MEMORY.md will be stored. If you care about privacy, verify the agent platform's storage/backup policies and that the skill will not be granted network or credential access you haven't explicitly provided. Otherwise, the skill's scope and behavior match its description.

Review Dimensions

Purpose & Capability: okThe name/description (knowledge companion for space, universe, history) matches the provided SKILL.md and AGENT.md content. The files describe answering questions, explaining concepts, recommending media, and tracking a learning memory — all coherent with the stated purpose. There are no extra credentials, binaries, or unrelated capabilities requested.
Instruction Scope: okRuntime instructions are limited to answering domain questions, making recommendations, asking follow-ups, and maintaining a local memory of user preferences and prior questions. They do not instruct reading unrelated system files, accessing environment variables, calling external endpoints, or exfiltrating data. The only potentially noteworthy behavior is maintaining a memory file (MEMORY.md), which is consistent with the skill's stated purpose.
Install Mechanism: okThis is an instruction-only skill with no install spec and no code files; nothing is downloaded or written to disk by an installer. That is the lowest-risk install posture and matches expectations for a content/assistant skill.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. There are no requests for tokens, keys, or unrelated service credentials. The memory usage described is local and proportional to the feature set.
Persistence & Privilege: okThe skill does not request always: true and uses default autonomous invocation settings. It describes maintaining a memory file (MEMORY.md) for user preferences and history; this is appropriate for a personal knowledge companion. There is no indication it modifies other skills or global agent settings.