Skill v1.0.1
ClawScan security
Superclaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Feb 26, 2026, 5:26 AM)
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: Superclaw is an instruction-only workflow skill whose requested actions and file/agent interactions match its stated purpose (design → plan → execute) and do not request unrelated credentials or install arbitrary code.
- Guidance: Superclaw appears coherent and instruction-only, but before enabling it: (1) confirm you are comfortable with the agent reading MEMORY.md and USER.md (these can contain sensitive user preferences/history); (2) verify the workspace paths it will write to (workspace/docs/plans/ and workspace/memory/) so artifacts don't leak into places you don't want; (3) note that sessions_spawn will create subagents to perform tasks; those subagents run with the agent's existing privileges, so review produced files/plans before allowing automatic execution; and (4) watch for examples that reference home paths (e.g., ~/.todos.json); if you prefer all artifacts confined to a sandboxed workspace, modify the plan or instruct the agent accordingly.
Review Dimensions
- Purpose & Capability (ok): The skill's name and description (enforcing a design → plan → execute workflow) align with the runtime instructions: asking clarifying questions, saving design/plan files, batching tasks, updating memory, and spawning subagents for isolated task execution. It does not request unrelated binaries, environment variables, or external endpoints.
- Instruction Scope (note): The SKILL.md explicitly instructs the agent to read/write workspace files (workspace/docs/plans/, workspace/memory/) and to read MEMORY.md / USER.md for context; it also shows example use of sessions_spawn to run isolated subagents and example use of home paths (e.g., ~/.todos.json). This is coherent with its memory-integration claim, but users should be aware that reading MEMORY.md and writing files to the workspace (and optionally to home paths, as in the examples) will access local contextual data and produce artifacts on disk. This is expected behavior for a workflow enforcement skill.
- Install Mechanism (ok): No install spec and no code files are included; this is instruction-only, so nothing is downloaded or written during install. That minimizes install-time risk.
- Credentials (ok): The skill declares no required environment variables, credentials, or config paths. The memory and workspace path access it documents is proportional to its purpose (context-aware planning and progress logging). There are no unrelated credential requests.
- Persistence & Privilege (ok): The skill does not request always:true or elevated persistent privileges. It relies on normal agent capabilities (reading/writing workspace files and spawning sessions_spawn subagents). Those are appropriate for an execution/workflow skill, but they will operate with whatever permissions the agent already has.
