Skill v1.0.0
ClawScan security
Context Pruner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 1, 2026, 2:56 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's declared purpose (pruning and summarizing conversation history) matches its minimal runtime instructions and it requests no credentials or installs, but the instructions are high-level and the package has no source/homepage so some operational details are missing.
- Guidance: This skill appears internally consistent with its stated goal and requests no credentials, but it is minimal and undocumented (no source or homepage). Before installing: 1) Ask the provider how it decides what to delete vs summarize and whether actions are reversible (retain backups). 2) Test on non-sensitive conversations first. 3) Verify what 'clawhub install' would do in your environment. 4) If you need stronger assurances, request source code or documentation from the publisher so you can confirm it doesn't transmit or permanently erase data you care about.
Review Dimensions
- Purpose & Capability (ok): Name and description match the instructions: pruning, summarizing, and chunking conversational history. There are no unexpected required binaries, env vars, or config paths that would be incoherent with a context-management skill.
- Instruction Scope (note): SKILL.md contains only high-level pruning steps (noise detection, fact distillation, chunking) and does not instruct reading unrelated files, network exfiltration, or credential access. However, the instructions are vague about what gets deleted versus summarized and what heuristics are used, giving the skill broad discretion if implemented by an agent.
- Install Mechanism (ok): This is an instruction-only skill with no install spec or code files, so nothing will be written to disk by the skill itself. The README mentions a 'clawhub install' command but no install spec is present—this is a minor documentation incongruence rather than evidence of risky installation behavior.
- Credentials (ok): The skill requests no environment variables, credentials, or config paths. There is no disproportionate access requested for unrelated services.
- Persistence & Privilege (ok): `always` is false and the skill is user-invocable. It does not request persistent system-wide changes or access to other skills' configs. Autonomous model invocation is allowed by default on the platform but that is not a red flag on its own here.
