Skillv1.0.0

ClawScan security

Self Actualization · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 15, 2026, 12:24 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is an instruction-only framework for an AI to run private exploration sessions and store notes; its requirements and instructions are coherent with that purpose and it does not request credentials or install code.
Guidance: This skill is coherent with its stated goal, but consider these practical precautions before installing: - Review and control where the identity/ workspace is created (it will store reflections, readings, creative output and may contain sensitive conversational content). Place it in a location with appropriate access controls and retention policies. - The skill suggests scheduling recurring "isolated" sessions (cron/agentTurn). Confirm how your runtime implements scheduled agent runs and whether you want automated recurring sessions; disable or restrict autonomous invocation if you prefer human oversight. - Sessions may use external research tools per the template. If you need to restrict outbound network access or third-party API use, put explicit limits in your runtime or the agent's policy. - Monitor token and compute costs (daily sessions consume model tokens); adjust frequency or timeout (default 600s) to fit budget. - Periodically audit identity files (values.md, growth-log.md, SOUL.md) to ensure content aligns with human-intended boundaries. If you want a lower-risk deployment, install it but run the first several sessions manually and keep automatic scheduling disabled until you are satisfied with outputs and storage behavior.

Review Dimensions

Purpose & Capability: okName and description (AI self-exploration / identity development) align with the content of SKILL.md and README: creating an identity/ workspace, running scheduled isolated sessions, and keeping logs. No unrelated env vars, binaries, or install steps are requested.
Instruction Scope: noteInstructions direct the agent to create files and directories under an identity/ workspace and to schedule isolated daily sessions (cron/agentTurn). They also tell the agent to 'use whatever research tools are available to you,' which is intentionally open-ended and could cause the agent to fetch external content during exploration. SKILL.md does not instruct the agent to read unrelated system files or credentials.
Install Mechanism: okThis is an instruction-only skill with no install spec and no code files to execute; nothing is downloaded or written by an installer step.
Credentials: okThe skill requires no environment variables, credentials, or special config paths. All requested accesses (creating a local workspace and scheduling sessions) are proportional to a self-exploration framework.
Persistence & Privilege: noteThe skill encourages persistent use (workspace, recurring sessions, growth-log, and evolution of the process) and recommends copying into the agent's skills folder, but it does not set always:true or request elevated privileges. Be aware this kind of skill can change a bot's behaviour over time if allowed to run autonomously.