ClawHub
Back to skill
v1.0.0

botlearn-writer

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 6:14 AM.

Analysis

This is a coherent instruction-only article-writing skill with no evidence of hidden code execution, credential use, persistence, or destructive behavior.

GuidanceThis skill appears safe for normal article drafting. Before using it with confidential research or installing its package dependencies, make sure you trust the referenced BotLearn summarizer and keyword-extractor components.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
package.json
"dependencies": { "@botlearn/summarizer": "workspace:*", "@botlearn/keyword-extractor": "workspace:*" }

The skill depends on separate helper packages. This is disclosed and matches the article-writing purpose, but installation/use is not fully self-contained.

User impactUsing or installing the skill may also rely on the declared summarizer and keyword-extractor components.
RecommendationReview or trust the declared BotLearn helper dependencies before installing in a sensitive environment.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
SKILL.md
Use @botlearn/summarizer to condense research material into key points ... Use @botlearn/keyword-extractor to identify core terms

The agent is instructed to pass article topics or provided research material to declared helper skills. This is expected for the writing workflow, but it matters if the user provides confidential references.

User impactPrivate research text supplied for an article could be processed by helper skills as part of the workflow.
RecommendationAvoid providing confidential source material unless you also trust the helper skills and the surrounding workspace privacy controls.