ClawHub
Back to skill
v1.0.0

Model Handoff

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:26 AM.

Analysis

This instruction-only skill is coherent, but it creates persistent workspace handoff files that may carry future instructions, personal context, and credential-file pointers, so users should review what gets written.

GuidanceThis skill appears safe for its stated purpose as long as you review the generated HANDOFF.md and AGENTS.md changes. Keep secrets out of the handoff, avoid unnecessary personal details, and periodically remove stale instructions or project information.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
After creating `HANDOFF.md`, add a reference in `AGENTS.md` ... **Keep current proactively** — do not wait to be asked.

This shows the skill may edit persistent workspace/agent instruction files and update them proactively. The behavior is disclosed and aligned with the handoff purpose, but it still changes files that can affect later model behavior.

User impactYour workspace may gain or change HANDOFF.md and AGENTS.md entries, which future agents may read before acting.
RecommendationReview diffs to HANDOFF.md and AGENTS.md, and ask the agent to confirm before editing shared or important workspace instruction files.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
SKILL.md
## Key credentials & tools
[Point to credential files — never inline secrets. e.g. "Azure SP creds: azure-config.json"]

The skill does not request or use credentials directly, but it encourages recording where credential files live. That can help future models or readers locate sensitive account material.

User impactA handoff file could reveal the existence or location of credential files even if it does not contain the secrets themselves.
RecommendationDo not include secret values, and only include credential-file references when they are necessary and safe for everyone who can read the workspace.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityMediumConfidenceHighStatusNote
SKILL.md
`HANDOFF.md` is a dense, always-current fast-boot file ... It is the single source of truth for model-to-model context transfer.

The skill intentionally creates persistent context that future models may trust. If the file becomes stale, overly broad, or includes unsafe behavioral rules, that context can influence later sessions.

User impactFuture models may follow outdated or inappropriate instructions from HANDOFF.md unless it is reviewed and kept accurate.
RecommendationKeep HANDOFF.md concise, remove stale content, avoid private data, and treat its behavioral rules as suggestions subject to the current user request.