Back to skill
Skillv1.0.0
ClawScan security
Agent Dream Journal · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 20, 2026, 1:42 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code and instructions align with its stated purpose (local recording and analysis of agent 'dream' fragments); it writes/reads a local JSONL file and has no network, credential, or install requirements, with only minor inconsistencies to note.
- Guidance
- This skill appears to do only local recording and analysis of agent 'dream' fragments and has no network or credential requirements. Before installing: (1) note the SKILL.md references agent_dream_journal.py while the included script is tool.py — confirm the correct entrypoint or rename as needed; (2) be aware it stores internal reasoning and embeddings in agent_dreams.jsonl in the current working directory — do not run it where sensitive data may be exposed, and consider encrypting or restricting file permissions; (3) review the small Python file yourself if you want to verify no changes were made; (4) test in a sandboxed environment if you plan to allow autonomous invocation.
Review Dimensions
- Purpose & Capability
- noteThe name/description (recording and analyzing agent dream fragments) matches the code behavior (append/read agent_dreams.jsonl and filter by novelty). Minor incoherence: SKILL.md examples call python agent_dream_journal.py but the provided script is tool.py (filename mismatch).
- Instruction Scope
- noteRuntime instructions are limited to local record and analyze operations. The skill persists agent thoughts and embeddings to agent_dreams.jsonl in the current working directory — this can store sensitive internal reasoning traces. There are no network calls or references to external endpoints.
- Install Mechanism
- okNo install spec or external downloads are present. The package is instruction + a small Python script; nothing is fetched from the network or written to system paths during install.
- Credentials
- okNo environment variables, credentials, or config paths are requested. The code only uses local filesystem and time; required access is proportionate to the stated purpose.
- Persistence & Privilege
- okalways is false and the skill does not modify other skills or system-wide settings. It persists only to a local file it creates (agent_dreams.jsonl). Autonomous invocation is allowed by default but not combined with other risky privileges.