Back to skill
Skillv1.2.0
ClawScan security
McKinsey-style Decision Memo Writer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 3, 2026, 10:11 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only memo/summarization helper and its requirements and instructions are consistent with that purpose.
- Guidance
- This skill appears internally consistent: it only contains instructions for turning documents into decision memos and requests no credentials or installs. Before installing or using it, consider: (1) Where you run the agent — if it sends document text to a remote API (the model provider), don’t paste confidential documents unless you trust that environment. (2) The skill expects to process PDFs/email threads but does not include tooling to ingest them; ensure your agent has a way to provide the text (OCR/attachment handling) if needed. (3) Because the skill may 'infer' missing context, review outputs for assumptions and do not treat recommendations as legal/financial/medical advice. If you want stronger safety guarantees, ask the publisher for details about how document handling and any external calls are performed.
Review Dimensions
- Purpose & Capability
- okName and description (produce decision-ready memos from documents) match the SKILL.md instructions. No unrelated environment variables, binaries, or install steps are requested.
- Instruction Scope
- noteInstructions stay within the skill's scope (summarize documents, highlight risks, recommend next steps). One minor note: it explicitly tells the agent to 'infer' decision context when the user gives very little information, which grants the agent broader discretion but is coherent with producing a memo.
- Install Mechanism
- okNo install spec or code files are present (instruction-only), so nothing is written to disk or downloaded during install.
- Credentials
- okNo environment variables, credentials, or config paths are requested; requested capabilities are proportionate to the described task.
- Persistence & Privilege
- okThe skill is not always-enabled and does not request elevated or persistent privileges. Autonomous invocation is allowed (platform default) but not combined with other red flags.