Skillv1.0.1

ClawScan security

Xiaguang Harness [DEPRECATED → use trinity-harness] · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 8, 2026, 5:06 PM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill is an instruction-only agent harness whose requested actions (file checkpoints, running tests, commits, restarts) match its stated purpose, but it assumes broad filesystem/CLI access that isn't explicitly declared and the package metadata/ownership are sparse.
Guidance: This skill is an instruction-only engineering harness and appears to be what it claims. Before installing or enabling it for an agent, confirm whether you are comfortable granting the agent: (1) filesystem write/read access (it will create checkpoints and overwrite files), (2) the ability to run shell/test/CI commands (ls, grep, wc, test runners, git), and (3) the ability to interact with or restart services. The metadata lacks declared required binaries or owner/homepage and the skill is marked deprecated in its name — prefer the recommended replacement (trinity-harness) if available. If you will run this on production systems, restrict the agent's permissions (run in an isolated repo/container, limit paths, require human confirmations for deploy/restart steps) and audit any commits or service restarts the agent proposes.

Review Dimensions

Purpose & Capability: okThe SKILL.md describes an engineering 'harness' for multi-step agent work and includes concrete steps (spec, plan, build, verify, checkpoint). The actions it prescribes (write checkpoints to files, run tests, commit, verify API responses, restart services) are coherent with a development/CI-style harness.
Instruction Scope: noteThe instructions explicitly tell the agent to read/write files, run shell-like verification commands (ls, wc, grep), run tests, perform commits/checkpoints, and restart/verify services. Those actions align with the harness purpose but grant the agent broad discretion to interact with the host filesystem and services. SKILL.md does not enumerate or constrain which paths, repos, or services to operate on.
Install Mechanism: okThis is an instruction-only skill with no install steps and no code files to write at install time, which is low-risk from an installation/execution perspective.
Credentials: noteNo environment variables, binaries, or credentials are declared in the metadata. However, the runtime instructions assume availability of command-line tools (git, ls, grep, wc, test runners) and access to the filesystem and services. The metadata omission is a minor inconsistency — the harness legitimately requires host/agent tooling and file access but does not declare these expectations explicitly.
Persistence & Privilege: okThe skill is not always-on and uses normal autonomous invocation defaults. It does not request persistent system-wide changes in metadata; its workflow recommends writing checkpoints to files and committing changes, which is expected for a harness.