Back to skill
Skillv2.0.1
ClawScan security
Mindmap · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 18, 2026, 10:47 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is a coherent, local CLI mind‑map / note tool that stores data under the user's home directory and does not request credentials, network access, or elevated privileges.
- Guidance
- This skill appears to do exactly what it says: a local note/mind‑map utility. Before installing, be aware it will create ~/.local/share/mindmap/ (or your MINDMAP_DIR) and will append entries to data.log and history.log (which records commands). If you have privacy concerns, set MINDMAP_DIR to a controlled location, review the script contents (it's plain bash), and periodically inspect or delete history.log/data.log. As with any third‑party script, only run it if you trust the source.
Review Dimensions
- Purpose & Capability
- okThe name/description match the provided code and instructions: a local terminal utility for adding, listing, searching, removing, and exporting simple log-based mind‑map entries. No unrelated credentials, binaries, or services are required.
- Instruction Scope
- okSKILL.md and the bundled script only reference the data directory (MINDMAP_DIR/XDG_DATA_HOME/HOME) and standard Unix utilities (date, grep, cat). Commands are local and limited (add/list/search/export/etc.). The tool records command history to history.log — expected for auditing but note it stores command strings locally.
- Install Mechanism
- okNo install spec is provided (instruction-only), and the included script is a small bash script with no external downloads or extract steps. Risk from installation is minimal.
- Credentials
- okNo credentials or secret environment variables are requested. The script respects MINDMAP_DIR and XDG_DATA_HOME (and HOME fallback), which is proportional and documented in SKILL.md.
- Persistence & Privilege
- okThe skill is not always-enabled and does not modify other skills or system configuration. It persists only its own data under ~/.local/share/mindmap (or configured MINDMAP_DIR), which is expected behavior.