Skillv1.0.0

ClawScan security

Keep Learning Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 4, 2026, 8:32 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's description (continuous-learning framework) is plausible, but the runtime instructions reference and execute system-level files and global config paths (e.g., G:\clawbot\config\self-repair.ps1, SOUL.md, AGENTS.md, skills-config.json) without declaring required permissions or credentials — this mismatch warrants caution.
Guidance: This skill may be useful, but exercise caution before enabling it system-wide. Actionable steps: 1) Verify the skill's source (author unknown) and prefer a trusted origin. 2) Inspect any referenced host scripts before running them (G:\clawbot\config\self-repair.ps1, autoload-configs.ps1) — open them and confirm they do only the expected checks/updates and do not send data to external endpoints. 3) Check files the skill will read (SOUL.md, AGENTS.md, MEMORY.md, skills-config.json) for sensitive information; back them up before running. 4) Run the skill in an isolated/test environment (or sandbox) first. 5) Confirm what external integrations (Feishu, Telegram, Email) are actually used and require credentials; only provide minimal, scoped credentials and preferably service accounts with limited permissions. 6) If you plan to allow automatic invocation, require the author to explicitly document why access to global paths is needed and to supply a safe, auditable self-repair script. If you cannot inspect the referenced scripts or verify their behavior, do not enable the skill on production systems.

Review Dimensions

Purpose & Capability: concernThe skill claims to be a knowledge/learning framework, which is reasonable. However its instructions reference absolute system paths (G:\clawbot\config\self-repair.ps1, autoload-configs.ps1) and files outside the skill directory (SOUL.md, AGENTS.md, MEMORY.md, skills-config.json). Those global, system-level accesses are not described in the high-level purpose and suggest the skill expects access to the host's configuration and other skills' state — a capability that is disproportionate to a simple templating/indexing feature.
Instruction Scope: concernSKILL.md explicitly instructs the agent to read many external files and run PowerShell scripts (e.g., run G:\clawbot\config\self-repair.ps1, load G:\clawbot\config\autoload-configs.ps1, read SOUL.md/AGENTS.md/MEMORY.md) and to run Python indexing scripts. Those actions allow reading arbitrary files and executing arbitrary code on the host, which is broader than the skill's stated purpose and creates risk (possible exposure of sensitive data or unwanted system changes).
Install Mechanism: noteThis is an instruction-only skill (no install spec, no code files bundled that would be executed on install), which reduces installation risk. The _meta.json lists dependencies (powershell, python3, requests) but there is no automated installer or external downloads declared. Absence of an install step is lower risk, but the skill still instructs execution of host scripts.
Credentials: concernThe skill declares no required environment variables or credentials, yet references integration points (feishu_api.py, mentions Feishu/Telegram/Email integrations) that normally require API keys/tokens. It also targets global config files (skills-config.json) and memory files which may contain secrets or other skills' credentials. The lack of declared credentials combined with expected external integrations and filesystem access is disproportionate and unclear.
Persistence & Privilege: concernalways:false and normal autonomous invocation are set (no excessive platform privilege). However the skill instructs use of autoload scripts and a self-repair script located in a global config directory — behavior that can alter or rely on host-wide configuration. That raises persistence/privilege concerns if those scripts modify global state or other skills' registration (skills-config.json).