v1.0.3

Pa Pack

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 3:48 PM.

Analysis

This is a transparent documentation-and-stub pack, but using its recommended workflow involves separately installed tools, OAuth/API keys, paid apps, and optional persistent personal context.

Guidance

Reasonable to install as a guide, but do not expect working automation from the included CLI. Before following the setup, review each external tool, limit OAuth/API-key scopes, be aware of paid components such as Things 3, and keep writing samples or context files free of secrets unless you intentionally want the assistant to retain that information.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
README.md
Install each tool individually: ... clawhub install gog ... clawhub install things-mac ... clawhub install notion ... clawhub install healthcheck ... clawhub install skill-vetter-plus

The pack's practical setup depends on several separately installed tools or skills; this is central to the stated curation purpose, but those installs bring their own code, provenance, and permissions.

User impact: Installing the pack alone is low impact, but following the setup can add other tools that may access mail, calendar, tasks, or Notion data.
Recommendation: Install only the components you need, verify each tool's publisher/source, and review each tool's permissions before authorizing it.

Human-Agent Trust Exploitation
Severity: Low | Confidence: High | Status: Note
scripts/pa-cli.py
print("  Follow-up tracked (stub). You will be reminded before the deadline.")

The CLI is a stub and does not actually store reminders, but this result-like wording could be misunderstood if the '(stub)' qualifier is missed; the surrounding documentation does disclose that automation is not implemented.

User impact: A user or agent could mistakenly rely on a stub output as if a real reminder or check had been created.
Recommendation: Treat the CLI as a demonstration only and confirm important actions in the actual task, calendar, mail, or Notion tools.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
README.md
gog — Google Workspace ... Google account ... # (OAuth setup required) ... notion ... Notion account + API key

The recommended stack uses Google account OAuth and a Notion API key; that credential use is expected for the stated Google Workspace/Notion workflow, but it is sensitive.

User impact: OAuth grants and API keys can expose email, calendar, Drive, or workspace notes depending on the scopes granted to the external tools.
Recommendation: Use the narrowest scopes available, prefer read-only access where possible, keep API keys out of prompts/logs, and revoke access for tools you stop using.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Note
PA_GUIDE.md
Collect 5-10 examples of your own writing ... The context kernel ... holds: Recent decisions ... Active projects ... Preferences ... append to a JSONL file.

The guide encourages using personal writing samples and a persistent context file; this is purpose-aligned for assistant personalization, but it can contain private business context.

User impact: Writing samples, project references, decisions, and preferences may reveal confidential or personal information if stored insecurely or reused in unintended tasks.
Recommendation: Sanitize examples, exclude secrets and client-sensitive data, protect any context file, and define retention/deletion rules for persistent assistant memory.