Back to skill
Skillv2.0.0
ClawScan security
Ai Daily Briefing · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 15, 2026, 7:17 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requested access and instructions match its stated purpose: it reads local to-do, meeting notes, and (optionally) calendar data to produce a daily briefing and does not request extra credentials or installs.
- Guidance
- This skill is coherent: it reads files in your workspace (todo.md, meeting-notes/, MEMORY.md, etc.) and uses calendar data if your agent already has a calendar connector. Before enabling it, confirm you are comfortable with the agent reading those local files and any calendar the agent can access. If you have sensitive files in the workspace you don't want scanned, move or rename them. Also verify any calendar integration or connectors the agent uses—those authorizations are outside this skill and should be managed at the agent/platform level.
Review Dimensions
- Purpose & Capability
- okName/description (daily briefing) align with the actions described: scanning todo.md, meeting-notes/, memory files, and calendar. None of the declared requirements (there are none) are disproportionate to the stated purpose.
- Instruction Scope
- okSKILL.md explicitly instructs the agent to read specific workspace files/folders (todo.md, meeting-notes/, MEMORY.md, memory/[today].md) and, if available, calendar data. These data sources are directly relevant to generating a briefing. There are no instructions to exfiltrate data or call external endpoints.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files; nothing is written to disk or downloaded by the skill itself.
- Credentials
- okThe skill declares no required environment variables or credentials. The only access it needs is to workspace files and any existing calendar connector the agent already has; that is proportionate to a briefing skill.
- Persistence & Privilege
- okalways is false and the skill does not request persistent system presence or modifications to other skills/config. Autonomous invocation is allowed (platform default) but not combined with broad credentials or elevated privileges.