v3.1.1

QSR Labor Leak Auditor

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:32 AM.

Analysis

The skill is a coherent restaurant labor-auditing instruction set, but it persists confidential store labor/revenue data and users should keep any unrelated purchase or crypto capabilities tightly limited.

Guidance: This skill appears suitable for its stated labor-auditing purpose, but only use it where persistent store-scoped memory is acceptable. Avoid entering personal employee data, review stored records regularly, install only trusted companion or sibling QSR skills, and keep any purchase, payment, or crypto tools disabled unless you explicitly approve them.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Info; Confidence: High; Status: Note
metadata
Source: unknown; Homepage: none

The registry provenance is limited, although the supplied artifact set is instruction-only and contains no executable install mechanism.

User impact: It may be harder to independently verify the publisher or compare the installed artifact with an upstream source.
Recommendation: Verify the owner and intended source before relying on the skill for business decisions.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low; Confidence: Medium; Status: Note
capability signals
crypto; can-make-purchases

These capability signals are not explained by the labor-auditing purpose or the provided instructions; no artifact text shows the skill actually using them.

User impact: If the host environment maps these signals to real financial or crypto-related tools, they would be unnecessary for this skill and could create avoidable financial risk.
Recommendation: Do not grant purchase, payment, or crypto-related tool access to this skill unless there is a separate, explicit, user-approved reason.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium; Confidence: High; Status: Note
SKILL.md
All daily entries, weekly goal records, checkpoints, standing rules, event tags, override logs, and contextual audit trails ... are written to and read from the store-scoped memory namespace ... This skill handles compensation and revenue data.

The skill deliberately persists confidential labor, revenue, compensation, and operating-context records that can influence future recommendations.

User impact: Saved business data may shape later labor recommendations and could expose confidential store information if the memory namespace is shared too broadly or polluted with inaccurate entries.
Recommendation: Use a clear store identifier, avoid entering PII, periodically review or purge saved records, and confirm the companion memory namespace has appropriate access controls.

Insecure Inter-Agent Communication
Severity: Low; Confidence: High; Status: Note
SKILL.md
Other skills in the QSR Operations Suite may read from this skill's records only through the same store-scoped namespace and only in read-only mode.

The skill permits other related skills to read its stored labor and goal records, creating a disclosed cross-skill data-sharing path.

User impact: Other installed QSR suite skills may be able to view confidential store labor and revenue context, even if they cannot modify it.
Recommendation: Install only trusted sibling skills and verify that read-only access is enforced for the store-scoped namespace.