v1.0.0

DoctorClaw Feedback Digest

Benign
ClawScan verdict for this skill. Analyzed May 1, 2026, 1:04 PM.

Analysis

This instruction-only skill is purpose-aligned, but it can handle customer feedback data, store digests, send alerts to chat channels, and post approved replies, so it should be configured carefully.

Guidance

Before installing, decide exactly which feedback sources the agent may read, where digests and alerts may be sent, how long archives should be kept, and who can approve posted replies. Avoid broad integrations when exports or read-only access will work.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low; Confidence: High; Status: Note
SKILL.md
Response access — ability to reply to reviews or tickets after your approval

The skill may use review or ticketing tools to post replies, which can affect public reviews or customer conversations, but it explicitly requires approval.

User impact: A mistaken approval could publish an inaccurate or inappropriate response to a customer or public review.
Recommendation: Grant the minimum reply permissions needed and review every drafted response before allowing it to be posted.

Rogue Agents
Severity: Low; Confidence: High; Status: Note
SKILL.md
Run it weekly for a full digest, or trigger on-demand

The skill supports scheduled recurring operation and immediate urgent alerts, which is disclosed and aligned with the digest purpose.

User impact: The agent may continue producing digests or alerts on a schedule if the user configures recurring operation.
Recommendation: Document the schedule, alert triggers, and delivery destination, and disable the schedule when it is no longer needed.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low; Confidence: Medium; Status: Note
SKILL.md
Feedback sources — where to pull feedback from (file paths, URLs, integrations)

The skill depends on user-configured access to feedback systems and integrations, which may involve account permissions even though no credentials are declared in the registry metadata.

User impact: If broad integrations are connected, the agent may be able to read more customer or business feedback than necessary.
Recommendation: Use least-privilege accounts or exports, limit integrations to the exact feedback sources needed, and avoid granting unrelated account access.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium; Confidence: High; Status: Note
SKILL.md
Save to `memory/feedback/YYYY-MM-DD.md`

The skill stores feedback digests persistently for trend tracking, which can retain customer excerpts, authors, topics, and response status across future runs.

User impact: Customer feedback details may remain in the agent's memory or archive and influence later summaries or recommendations.
Recommendation: Define retention rules, redact sensitive customer information where possible, and periodically review or delete archived digests.

Insecure Inter-Agent Communication
Severity: Medium; Confidence: High; Status: Note
SKILL.md
Delivery channel — Telegram/Discord for digest and urgent alerts

The skill can send digests and urgent alerts to external chat channels, potentially moving customer feedback excerpts outside the original feedback systems.

User impact: Private customer complaints, support-ticket content, or author names could be visible to chat-channel members.
Recommendation: Use private channels with controlled membership, redact sensitive details in alerts, and confirm that the chosen channel is appropriate for customer data.