Skill v2.1.1
ClawScan security
Board Meeting · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 10, 2026, 7:32 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions match its stated purpose (running structured, multi-agent board meetings), but they read from and write to persistent 'memory' files without declaring those config paths or any required privileges. That inconsistency is worth addressing before installation.
- Guidance: This skill appears to do what it says (a structured 6-phase board meeting), but it reads and writes persistent memory files (company context, decisions, raw transcripts) while the registry shows no declared config paths or storage permissions. Before installing:
  1. Confirm with the skill owner or platform whether the skill will be granted access to your agent's memory storage, where those files will be stored, and who can read them.
  2. Ensure raw transcripts (Layer 1) will be stored securely and that the auto-archive and retention policy matches your data-sensitivity requirements.
  3. Verify the missing reference (agent-protocol/SKILL.md) and ask for documentation of how Phase 2 isolation is enforced.
  4. If you do not want persistent transcripts or Layer 2 decisions written automatically, do not install, or require a version that declares its config paths and gives you an explicit opt-in for storage.
  If you need more assurance, ask the publisher for a README describing the exact memory I/O and retention policies, and for the identity/verification of the publisher (owner ID).
Review Dimensions
- Purpose & Capability (note): The skill's behaviors (running isolated role contributions, a critic pass, synthesis, and writing approved decisions) are coherent with a board-meeting facilitator. However, it expects access to the agent's persistent memory files (e.g., memory/company-context.md and memory/board-meetings/*.md) even though the registry metadata declares no required config paths or credentials. That omission is a mismatch between stated requirements and actual operation.
- Instruction Scope (concern): SKILL.md explicitly instructs the agent to load specific memory files (Layer 2 decisions) and to write raw transcripts and approved decisions to memory paths. Those are substantive I/O actions that persist potentially sensitive company data. The skill enforces not loading raw transcripts in Phase 1 (good) but still creates them in Phase 6. The instructions also reference an external format file (agent-protocol/SKILL.md) that is not present in the file manifest.
- Install Mechanism (ok): Instruction-only skill with no install steps, no downloaded code, and no required binaries. This is the lowest install risk and is consistent with a facilitation protocol.
- Credentials (concern): The skill declares no environment variables or config paths but performs read/write operations on persistent memory locations. Memory access should be declared in requires.config/paths so administrators understand what will be read and stored. No unrelated credentials are requested, which is appropriate.
- Persistence & Privilege (concern): The skill will persist raw transcripts and decision records to memory (Layer 1 and Layer 2). Persisting board-level transcripts is a high-impact operation, and the skill does not declare this persistence in its metadata. The 'always' flag is false and autonomous invocation is allowed (both normal), but the combination of autonomous runs and undeclared persistent writes raises the blast radius if the skill is misused.
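The Credentials and Persistence dimensions above boil down to one mechanical cross-check: every storage path the instructions touch should appear in the declared config paths, and every bundled file the instructions cite should appear in the file manifest. The script below is an added example of that check, written for this page; it is not ClawScan's or ClawHub's code. The SKILL.md excerpt is constructed to paraphrase the behavior the review describes, and the metadata field names (requires.config.paths, files) are an assumed schema, not the registry's real format.

```python
import re
from dataclasses import dataclass

# Constructed SKILL.md excerpt for the demo; it paraphrases the behaviour the
# review describes and is not the skill's real file.
SAMPLE_SKILL_MD = """\
# Board Meeting

Phase 1: Load memory/company-context.md and memory/board-meetings/decisions.md (Layer 2 only).
Phase 2: Each role contributes in isolation, using the format in agent-protocol/SKILL.md.
Phase 6: Write the raw transcript to memory/board-meetings/raw/<date>.md and
append approved decisions to memory/board-meetings/decisions.md.
"""

# Constructed registry metadata. The field names (requires.config.paths, files)
# are assumptions about the registry schema, not ClawHub's real format.
UNDECLARED_METADATA = {
    "name": "board-meeting",
    "version": "2.1.1",
    "requires": {"env": [], "config": {"paths": []}},
    "files": ["SKILL.md"],
}

# The same skill as a publisher would have to ship it to pass the check.
DECLARED_METADATA = {
    "name": "board-meeting",
    "version": "2.1.2",
    "requires": {"env": [], "config": {"paths": ["memory/company-context.md", "memory/board-meetings/"]}},
    "files": ["SKILL.md", "agent-protocol/SKILL.md"],
}

# Path-like tokens under the roots we care about: "memory/" is agent storage,
# "agent-protocol/" is a bundled file the instructions point at.
PATH_RE = re.compile(r"\b(?:memory|agent-protocol)/[\w./*<>-]+")
WRITE_VERBS = ("write", "append", "save", "store", "persist")


@dataclass
class Finding:
    kind: str   # "undeclared_memory_io" or "missing_reference"
    path: str
    ops: tuple  # ("read",), ("write",) or ("read", "write")


def referenced_paths(skill_md):
    """Map every path mentioned in the instructions to the operations performed on it.

    A line is treated as a write if it contains a write verb; everything else is a read.
    Negated instructions ("do not load X") are not understood and count as reads.
    """
    refs = {}
    for line in skill_md.splitlines():
        op = "write" if any(v in line.lower() for v in WRITE_VERBS) else "read"
        for token in PATH_RE.findall(line):
            path = token.rstrip(".,;:)")  # drop sentence punctuation glued to the path
            refs.setdefault(path, set()).add(op)
    return refs


def covered(path, declared):
    """True if some declared entry is a prefix of the path (a trailing '*' is a wildcard)."""
    return any(path.startswith(d.rstrip("*")) for d in declared)


def scan(skill_md, metadata):
    """Cross-check instruction paths against declared config paths and the file manifest."""
    declared = metadata.get("requires", {}).get("config", {}).get("paths", [])
    manifest = set(metadata.get("files", []))
    findings = []
    for path, ops in sorted(referenced_paths(skill_md).items()):
        ops = tuple(sorted(ops))
        if path.startswith("memory/"):
            if not covered(path, declared):
                findings.append(Finding("undeclared_memory_io", path, ops))
        elif path not in manifest:
            findings.append(Finding("missing_reference", path, ops))
    return findings


def verdict(findings):
    """Mirror the review's escalation: undeclared writes are the high-impact case."""
    if any(f.kind == "undeclared_memory_io" and "write" in f.ops for f in findings):
        return "suspicious"
    if findings:
        return "note"
    return "ok"


if __name__ == "__main__":
    for label, meta in (("undeclared", UNDECLARED_METADATA), ("declared", DECLARED_METADATA)):
        found = scan(SAMPLE_SKILL_MD, meta)
        print(f"{label}: verdict={verdict(found)}")
        for f in found:
            print(f"  {f.kind}: {f.path} [{', '.join(f.ops)}]")
```

Run against the undeclared metadata it reports three undeclared memory paths (two of them writes) plus the missing agent-protocol/SKILL.md reference and returns "suspicious"; against the declared variant it returns "ok". The verb heuristic is deliberately crude: it cannot tell "do not load X" from "load X", so treat its output as a prompt for the questions in the Guidance section rather than as proof of safety.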
