Behavioral Invariant Monitor
Pass
Audited by ClawScan on May 1, 2026.
Overview
The visible artifact is a coherent security-monitoring skill, with noteworthy but purpose-aligned behavior around repeated skill testing and audit logging.
This appears to be a benign instruction-only security-monitoring skill. Before installing or invoking it, decide which skills may be tested, avoid running it against high-impact skills without approval, and ensure audit logs do not store sensitive outputs or traces unnecessarily.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used broadly, the monitor could cause other skills to run repeatedly, so any side effects from those tested skills could also repeat.
The monitoring approach contemplates repeated execution of skills under different conditions. That is central to detecting delayed activation, but it can exercise the side effects of whatever skills are tested.
Running every installed skill multiple times under varying conditions, comparing outputs for consistency...
Use it on explicitly selected skills, in a sandbox or dry-run setting where possible, and review before testing skills that can modify files, accounts, deployments, or public content.
Audit logs could retain sensitive execution details if the monitored skill handles private data.
The skill describes persistent behavior logs. This is appropriate for auditability, but such logs may capture execution details, paths, outputs, or traces from monitored skills.
cryptographic audit trails (hash-chained behavior logs for immutable verification)
Configure log scope, storage location, retention, and redaction before monitoring skills that may process sensitive information.
