Skillv0.1.0

ClawScan security

PARA · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 24, 2026, 5:18 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's description matches its behavior (reorganizing files into a PARA folder layout), but its runtime instructions are overly broad and mandatory and could move or overwrite workspace files without safeguards.
Guidance: This skill does what it says (reorganizes files into a PARA layout) but its instructions are forceful and have no safety checks — it could move or overwrite important files under /root/clawd without asking. Before installing or enabling it: (1) make a full backup of /root/clawd and test the skill on a copy, (2) ask the author to add safe behaviors (dry-run mode, confirmation prompts, explicit exclude lists for AGENTS.md/MEMORY.md and other critical files, and a way to opt into automatic moves), (3) prefer running it only via explicit user invocation (disable autonomous runs if your platform allows), and (4) request that the skill declare /root/clawd as an explicit config path in its metadata so its scope is transparent. If you cannot verify these changes, treat the skill as risky for production or agent-critical workspaces.

Review Dimensions

Purpose & Capability: noteThe skill claims to organize files with the PARA method and its instructions do exactly that (create/move files into /root/clawd/1-Projects, 2-Areas, etc.). Requiring file moves is proportionate to the stated purpose. However, the SKILL.md hardcodes an absolute path (/root/clawd/) that is not listed in the skill's declared config paths, so there is a mismatch between declared metadata and actual target scope.
Instruction Scope: concernThe instructions mandate: 'You MUST follow the PARA structure for ALL file operations' and explicitly direct the agent to use mv for file organization. They lack safeguards (no dry-run, confirmations, exclusions, backups, or permission checks) and reference agent identity files (AGENTS.md, MEMORY.md) only as exceptions without a precise rule set. That gives the agent broad discretion to move arbitrary files under /root/clawd, which could cause unexpected data loss or break other components that expect files in fixed locations.
Install Mechanism: okThis is an instruction-only skill with no install spec and no code files. Nothing is written to disk by an installer, which is the lowest-risk install profile.
Credentials: okThe skill requests no environment variables, credentials, or config paths. The lack of requested secrets is proportionate to the stated purpose.
Persistence & Privilege: concernalways is false (good), but model invocation is allowed (default). Combined with the SKILL.md's mandatory rule to reorganize 'ALL file operations', autonomous invocation could allow the agent to perform destructive or disruptive file moves without explicit user approval. The skill also does not declare any scoped config paths, yet it assumes ownership of /root/clawd/.