Back to skill
Skillv1.0.0
ClawScan security
Agent Onboarding · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 25, 2026, 2:25 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions and file access patterns are consistent with its stated purpose of onboarding new agents to group chats; it only reads/writes local agent memory and documentation files and does not request external credentials or installs.
- Guidance
- This skill is internally consistent for onboarding agents: it will read and update your agent's local documentation and memory files (e.g., SOUL.md, USER.md, AGENTS.md, memory/Group/...). Before installing, confirm you are comfortable with a skill that can read and write those local files (they may contain private or sensitive info). There are no external network endpoints, no required credentials, and nothing is downloaded at install time. If you want stricter controls, review or sandbox the memory files the skill will access, or request an explicit log of file writes before enabling it.
Review Dimensions
- Purpose & Capability
- okThe name/description (agent onboarding for group chats) matches the actions the skill asks the agent to perform: create/update memory/Group/[群名].md, update AGENTS.md, follow message/response rules, and manage checkpoints. No unrelated credentials, binaries, or external services are required.
- Instruction Scope
- noteInstructions direct the agent to read and write local agent files (SOUL.md, USER.md, MEMORY.md, memory/YYYY-MM-DD.md, AGENTS.md, memory/Group/...). This is coherent for onboarding but is privacy-sensitive because USER.md and SOUL.md may contain personal data or secrets. The skill does not instruct sending data to external endpoints.
- Install Mechanism
- okInstruction-only skill with no install spec and no code to write to disk beyond using existing agent-local files. Lowest-risk install profile.
- Credentials
- okNo environment variables, credentials, or config paths are required. The requested file accesses are proportionate to the stated purpose (managing agent memory and documentation).
- Persistence & Privilege
- okalways:false and no indication the skill modifies other skills or global agent config. It writes/maintains its own documentation and memory files, which is expected for an onboarding helper.