Skill v1.1.0

ClawScan security

Rejection Logger · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 28, 2026, 2:57 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill does what it says — it appends rejection entries to a local .learnings/REJECTIONS.md file — and its requirements and files match that purpose; the main risk is accidental logging of sensitive data to a file inside the repository.
Guidance
This skill is coherent and technically low-risk, but it persists free-text rejection reasoning to .learnings/REJECTIONS.md, which can contain PII or secrets and may be committed to version control. Before installing: (1) inspect scripts/log_rejection.sh and keep it unchanged; (2) add .learnings/REJECTIONS.md to .gitignore, or ensure repository policies prevent accidental commits; (3) restrict file permissions (e.g., chmod 600) or encrypt the log if needed; (4) avoid logging raw secrets or sensitive user data by sanitizing the Target and Reason fields before they are written; (5) consider requiring explicit user confirmation before the agent logs a rejection, or disable autonomous invocation of this skill if you want tighter control.

Review Dimensions

Purpose & Capability
ok · Name and description describe logging rejected choices. SKILL.md and the included scripts/log_rejection.sh implement exactly that behavior (create the .learnings directory and append a Markdown entry). There are no unrelated env vars, binaries, or network calls.
Instruction Scope
note · Instructions are narrowly scoped to creating/appending a local REJECTIONS.md file using the provided template. They do not request reading other files, calling external endpoints, or accessing unrelated credentials. Important caveat: the instructions explicitly ask the agent to record free-text 'Target' and 'Reason' fields; these entries can contain PII, secrets, or other sensitive content and will be persisted to disk and (if version-controlled) to remote repos.
Install Mechanism
ok · No install spec; this is instruction-only with a small included bash script. The script is short, contains no downloads, and writes only to a local .learnings directory. Low install risk.
Credentials
note · The skill requests no environment variables or credentials, and the script doesn't read env vars. However, persisting agent decisions to a file can leak secrets if those decisions include sensitive data. Consider access control, .gitignore, or encryption for the log file.
Persistence & Privilege
ok · always:false, and the skill does not modify other skills or global agent settings. It writes only to a workspace-local .learnings/REJECTIONS.md. Autonomous invocation is allowed by default (the platform's normal setting); if the agent is allowed to call skills autonomously it could generate many log entries, so consider limiting use or requiring explicit user consent before each log write.
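As an added example (not the skill's own scripts/log_rejection.sh, whose contents this page does not show), the following hardened shell stand-in applies steps (2) to (4) of the Guidance and the access-control note under Credentials: it keeps the log out of version control, creates the directory and file owner-only, and redacts secret-looking values from the Target and Reason fields before anything is written. The Markdown entry layout, the .learnings/ ignore rule, and the redaction patterns are assumptions; the page states only that the script creates .learnings and appends a Markdown entry with Target and Reason fields.

```shell
#!/usr/bin/env bash
# Added example, not the skill's scripts/log_rejection.sh (contents not shown
# on the review page). A hardened stand-in: owner-only permissions, a
# .gitignore entry, and redaction of secret-looking substrings before the
# entry reaches disk. Entry layout and redaction patterns are assumptions.
set -euo pipefail

# Strip strings that commonly leak from agent reasoning: bearer tokens,
# AWS access key IDs, GitHub tokens, and key=value / key: value secrets.
# The patterns are illustrative, not exhaustive; tune them per environment.
redact() {
  printf '%s\n' "$1" | sed -E \
    -e 's/[Bb]earer[[:space:]]+[A-Za-z0-9._-]+/Bearer [REDACTED]/g' \
    -e 's/AKIA[0-9A-Z]{16}/[REDACTED_AWS_KEY]/g' \
    -e 's/gh[pousr]_[A-Za-z0-9]{20,}/[REDACTED_GH_TOKEN]/g' \
    -e 's/(([Pp]assword|[Pp]asswd|[Ss]ecret|[Tt]oken|[Aa][Pp][Ii][_-]?[Kk]ey)[[:space:]]*[=:][[:space:]]*)[^[:space:]]+/\1[REDACTED]/g'
}

# Keep the log out of version control: add the directory to .gitignore
# once, without duplicating an entry that is already there.
ensure_ignored() {
  local repo_root=$1
  local ignore_file="$repo_root/.gitignore"
  touch "$ignore_file"
  grep -qxF '.learnings/' "$ignore_file" || printf '.learnings/\n' >> "$ignore_file"
}

# Append one rejection entry. Arguments: repo root, Target, Reason.
log_rejection() {
  local repo_root=$1 target=$2 reason=$3
  local dir="$repo_root/.learnings"
  local log="$dir/REJECTIONS.md"

  ensure_ignored "$repo_root"

  # Owner-only directory and file. umask 077 makes the first create 0600
  # directly instead of relying on a later chmod to close the window.
  mkdir -p "$dir"
  chmod 700 "$dir"
  ( umask 077; touch "$log" )
  chmod 600 "$log"

  local safe_target safe_reason
  safe_target=$(redact "$target")
  safe_reason=$(redact "$reason")

  {
    printf '## %s\n\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
    printf -- '- **Target:** %s\n' "$safe_target"
    printf -- '- **Reason:** %s\n\n' "$safe_reason"
  } >> "$log"
}

# Post-write check: return 0 only if none of the supplied raw values
# appear in the log, i.e. redaction actually did its job.
log_is_clean() {
  local log=$1; shift
  local raw
  for raw in "$@"; do
    if grep -qF -- "$raw" "$log"; then
      return 1
    fi
  done
  return 0
}

# Demo on a constructed workspace with a constructed rejection.
if [ "${1:-}" = "--demo" ]; then
  ws=$(mktemp -d)
  log_rejection "$ws" \
    "Hardcode password=hunter2 in deploy.sh" \
    "Rejected: token ghp_abcdefghijklmnopqrstuvwxyz0123 would be committed"
  cat "$ws/.learnings/REJECTIONS.md"
  log_is_clean "$ws/.learnings/REJECTIONS.md" hunter2 ghp_abcdefghijklmnopqrstuvwxyz0123 \
    && echo "log contains no raw secrets"
fi
```

Run the script with --demo to see a constructed entry written to a temporary workspace. The confirmation gate from step (5) of the Guidance is deliberately not modelled here: the decision whether to invoke the logger at all belongs to the agent layer, not to the script that writes the file.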