Skillv2.1.1

ClawScan security

Context Engine · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 10, 2026, 10:04 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions mostly match its stated purpose (managing and anonymizing company context), but there are inconsistencies between the runtime instructions and the declared metadata (notably an undeclared config path and unclear integration/activation behavior) that you should resolve before trusting it.
Guidance: This skill appears to implement a reasonable local context manager and a careful anonymization protocol, but there are a few red flags to clear up before installing: - Metadata mismatch: The SKILL.md reads and updates ~/.claude/company-context.md, but the registry metadata does not list that config path as required. Ask the author to declare required config paths so you know what files the skill will access. - Activation model: The README says 'Every advisor skill loads this first' but the skill is not marked always:true. Request clarification on how other advisor skills are expected to invoke or depend on this skill and whether it will auto-load in your environment. - Anonymization enforcement: The anonymization protocol looks strict and appropriate, but because this is instruction-only, you should confirm how anonymization is actually applied in practice (e.g., which outbound tools or web searches the agent may call). If possible, test with non-sensitive sample data to verify stripping behavior. - Audit/log storage: The skill mentions an internal audit log for external calls. Ask where that log is stored, who can read it, and whether it is ever transmitted externally. If the author can (1) update the manifest to declare ~/.claude/company-context.md as a required config path (or make the path configurable), (2) explain integration/activation semantics, and (3) document how anonymization is enforced for each outbound tool, this skill is more coherent. Until then, treat it with caution (do not provide real sensitive financial/customer/employee names during testing).

Review Dimensions

Purpose & Capability: noteThe name and description (load/manage company context, detect staleness, anonymize before external calls) match the SKILL.md behavior: it reads a context file, parses fields, prompts for refreshes, and applies anonymization rules. However, the skill explicitly depends on a local config file (~/.claude/company-context.md) and claims to be the memory layer 'Every advisor skill loads this first' — yet the registry metadata lists no required config paths and does not set always:true. That mismatch between claimed role and declared requirements is inconsistent.
Instruction Scope: okThe SKILL.md instructions are focused on reading/updating the local context file, enriching in-session context, and applying an anonymization protocol before any external calls. It instructs confirming before modifying the file and to never send specific sensitive fields externally. There are no directives to read unrelated system files or exfiltrate data. The one scope issue is the file path used (~/.claude/company-context.md) is referenced but not declared in metadata.
Install Mechanism: okNo install spec and no code files are present (instruction-only). This is low-risk from an install/execution standpoint because nothing is downloaded or written at install time.
Credentials: concernThe skill requests no environment variables or credentials, which fits its local-only context-management purpose. However, it relies on a specific local file path (~/.claude/company-context.md) and treats that file as authoritative; the registry metadata does not declare this required config path. The omission is a proportionality/information mismatch: the runtime instructions need access to that file but the manifest did not declare it.
Persistence & Privilege: noteThe skill is not always:true and is user-invocable, so it won't be force-included automatically. It describes updating a local context file only after explicit confirmation, which is appropriate. If this skill is expected to be loaded 'first' by other advisor skills, there should be an explicit mechanism/manifest entry indicating that relationship; otherwise calling/registration behavior is unclear.