Skillv2.1.1

ClawScan security

Executive Mentor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 10, 2026, 11:20 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's purpose, docs, and included analysis scripts align with an executive-mentoring tool, but vague 'proactive triggers' and autonomous invocation semantics create potential privacy/monitoring ambiguity that the user should understand before installing.
Guidance: This skill appears to be what it says: frameworks, playbooks, and two local Python tools that score decisions and map stakeholders. The main concern is the 'Proactive Triggers' behavior: it implies the mentor should detect upcoming board meetings, unanalyzed decisions, or team consensus without user prompting, but the skill doesn't say how it will get that information. Before installing or enabling autonomous invocation, consider: 1) What data sources will the agent be allowed to read (calendar, email, Slack, project tools)? Deny or audit those permissions if you don't want automated monitoring. 2) If you allow proactive triggers, require explicit user confirmation or opt-in for each trigger type. 3) Review the included scripts locally (they are benign, offline analysis tools) and ensure no external endpoints are called by any other files. 4) If the skill can invoke other roles/skills (the INVOKE markers), confirm what those other skills do and what data they will request. 5) If you want to minimize risk, keep disable-model-invocation = true (disallow autonomous runs) or restrict the agent's tool/permission scopes so the skill can only run when you explicitly invoke it.

Review Dimensions

Purpose & Capability: okThe name, description, SKILL.md content, reference docs, and the two included Python tools (decision_matrix_scorer.py and stakeholder_mapper.py) are coherent: they implement decision-scoring and stakeholder-mapping functionality appropriate for an 'Executive Mentor' skill. There are no unrelated required env vars, binaries, or config paths.
Instruction Scope: concernSKILL.md instructs running the included Python tools and contains detailed agent prompts and playbooks that are consistent with the stated purpose. However the 'Proactive Triggers' section instructs the mentor to 'surface these without being asked' (e.g., board meeting in <2 weeks, founder avoiding a conversation, major decision made without stress-testing). Those triggers imply the skill will monitor user context (calendar, decisions, conversations, team consensus) but the instructions do not specify what data sources, permissions, or methods the skill should use. This vagueness grants broad discretion to an agent to access personal/team data and could lead to unintended monitoring or information access.
Install Mechanism: okThis is an instruction-first skill with no install spec. No downloads or executables are written to disk by an installer. Two small Python scripts are included; they are self-contained and perform local analysis without network or I/O beyond reading JSON input if provided.
Credentials: okNo required environment variables, no declared credentials, and no config paths. The Python scripts and SKILL.md do not reference secrets or external endpoints. This is proportionate to the skill's stated purpose.
Persistence & Privilege: notealways is false and disable-model-invocation is false (normal). The combination of autonomous invocation plus the explicit 'Proactive Triggers' increases the chance the agent will act or prompt without a user-initiated command. That behavior is reasonable for a coaching/alerting skill, but the SKILL.md does not constrain or document what it will check (calendar, messages, project management tools) or require explicit runtime consent — the user should verify and limit those permissions if desired.