Skillv0.1.0

ClawScan security

Agent DNA · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 25, 2026, 6:13 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill appears to implement the advertised identity encode/decode/diff/port functionality and uses only stdlib Python, but incomplete/truncated files in the package and the fact it will read and serialize possibly-sensitive agent files (including contact_info) mean you should review the full code and outputs before using it on real data.
Guidance: This package is largely coherent with its stated purpose, but take these precautions before installing or running it: - Review the full source (especially diff.py, encode.py and port.py) before running; the package listing you provided contained truncated files, so I could not fully inspect some code paths. Any network or subprocess calls could be hidden in those omitted sections. - Treat your SOUL.md/MEMORY.md/USER.md/TOOLS.md as sensitive input: the tool will include and export their contents (including contact_info, emails, notes, infra paths). Do not run it on directories that contain secrets, API tokens, SSH keys, or private notes unless you have sanitized them first. - Inspect generated .dna.json and platform export files (exports/*) before sharing or pushing them to remote platforms; remove or redact contact_info or any fields you do not want stored outside your environment. - If you plan to use the port feature to push identity to remote services (Anthropic, OpenAI, Telegram, etc.), audit port.py to confirm it does not send data to unexpected endpoints and determine whether it writes files locally only or performs outbound network calls. - Run the tool in an isolated environment (non-production VM or container) the first time to observe its behavior and outputs. If you want, I can: (1) review the full, untruncated contents of diff.py/encode.py/port.py, (2) scan the repository for network calls or subprocess execution, and (3) highlight exact lines that write exported contact_info so you can modify or redact them.

Review Dimensions

Purpose & Capability: okName/description align with the included code: encode.py, decode.py, diff.py, port.py and dna_schema.py implement compressing SOUL/MEMORY into a .dna.json, reconstructing prompts, measuring drift, and exporting to platform formats. No unrelated binaries or credentials are requested.
Instruction Scope: noteThe runtime instructions explicitly read agent source files (SOUL.md, MEMORY.md, USER.md, TOOLS.md) and produce export artifacts. That's coherent with purpose, but those files can contain personal data (emails, notes, infra paths). The skill will serialize and export that information (exports show contact_info and email). Users should assume the tool will include any sensitive text present in the source files unless sanitized.
Install Mechanism: okNo install spec; code is pure Python and claims only stdlib use. That is low-risk from an installer/extraction perspective. There are no downloads or external package installs declared.
Credentials: noteThe package requests no environment variables or credentials, which matches its stated purpose. However exported artifacts (openagent/gpt/claude exports) include relationship contact_info and other personal metadata — the skill will preserve and emit such fields when present in source files, which could leak secrets if source files contain them.
Persistence & Privilege: okSkill is not always-enabled and does not request system-wide privileges. There is no evidence it modifies other skills or agent configs beyond writing its own export files. Autonomous invocation remains possible but is the platform default.