Skill v0.1.1

ClawScan security

Mythos · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 9:55 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requests and instructions are consistent with its stated purpose (multi-round, lens-based reasoning); it requires no extra credentials, binaries, or installs and appears to be an instruction-only protocol for orchestrating multi-pass reasoning.
Guidance
This skill is an instruction-only orchestration protocol for multi-round reasoning and appears internally consistent: it needs no credentials, packages, or installers. Before enabling or using it:
1) Confirm your host supports parallel subagent/tool calls and the 'internal/extended-thinking' semantics the skill assumes (otherwise agent-mode behavior may not work as described).
2) Be aware agent-mode can be ~5× the token cost of silent mode, so expect higher API usage.
3) The docs suggest optional local edits (adding to CLAUDE.md) and optional calibration scripts in the source repo; treat those as manual, opt-in changes and review them before running.
4) If you plan to expose this skill to autonomous agents, note it will perform internal reasoning by default (silent mode) and may fan out parallel calls in agent mode; that is expected behavior, not hidden exfiltration.
Overall the skill is coherent with its stated purpose.

Review Dimensions

Purpose & Capability
ok: Name/description (recurrent-depth, multi-round reasoning) match the SKILL.md and reference docs. The skill requires no binaries, no env vars, and no installs, all of which is coherent for an instruction-only reasoning/orchestration skill.
Instruction Scope
note: SKILL.md and references describe detailed orchestration: mode routing, internal (silent) vs visible (trace) rounds, and an 'agent' fan-out that invokes parallel subagents (the platform's Agent tool) and a merge phase. This is expected for a reasoning/orchestrator skill, but it assumes the host supports concurrent subagent/tool invocations and that the agent will honor 'internal/extended-thinking' blocks. The docs also reference reading/adding to local config files (e.g., advice to add a snippet to CLAUDE.md and to read `.claude/skills/mythos/SKILL.md`), which are user actions rather than automatic behavior. Note that implementations that try to auto-edit local config would be outside the skill's bundle and require user consent.
Install Mechanism
ok: No install spec and no code files to execute are included in the marketplace bundle; the skill is instruction-only. This is the lowest-risk install model and matches the stated lightweight orchestration purpose.
Credentials
ok: The skill declares no required environment variables or credentials and its instructions do not demand external secrets. Reference docs mention optional calibration scripts in the source repo (not bundled) and suggest cloning the upstream repository for tests; these are explicit, optional developer actions and not required for operation.
Persistence & Privilege
ok: Skill flags: always=false, user-invocable=true, and it does not request to modify other skills or system-wide configs by itself. It suggests that operators may add a snippet to CLAUDE.md to integrate the protocol; that is a manual step and not automatic privilege escalation by the skill.