Back to skill
Skillv1.0.0
ClawScan security
Feedback Controller · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 9, 2026, 2:10 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions, files, and requirements are coherent with its stated purpose: a closed‑loop feedback protocol for diagnosing and correcting execution drift, and it does not request extra credentials or install arbitrary code.
- Guidance
- This skill is internally consistent and does what it says: a disciplined protocol for diagnosing and correcting drift. It does not ask for credentials or install code. The main operational concern is scope: the protocol explicitly allows retries and tool switching, so review and constrain the agent's tool permissions and implicit-invocation settings if you want to prevent automated corrective actions in high‑risk workflows. If you require human approval for escalations or changes with material consequences, enforce that in the agent policy or by disabling implicit invocation for this skill.
Review Dimensions
- Purpose & Capability
- okName, description, and provided materials (protocol, patterns, escalation rules) match the stated purpose. No unrelated env vars, binaries, or install steps are requested.
- Instruction Scope
- noteSKILL.md confines the agent to a five‑step correction protocol and a fixed six‑part output contract. It does grant the agent discretion to 'retry, switch tools, narrow scope, rewrite, or escalate' and to inspect produced outputs and execution traces — reasonable for a correction controller but broad in practice. If you need to limit automatic tool switching or retries, enforce those constraints at the agent/tool-permission level.
- Install Mechanism
- okInstruction-only skill with no install spec and no code to write to disk; lowest-risk install footprint.
- Credentials
- okNo environment variables, credentials, or config paths are required or referenced. The skill does not request secrets or external service tokens.
- Persistence & Privilege
- noteRegistry flags show normal autonomous invocation allowed (disable-model-invocation: false). agents/openai.yaml sets allow_implicit_invocation: true, which may let the platform call this skill automatically in some contexts — not inherently dangerous, but if you want tighter control, consider disabling implicit invocation or restricting when the agent can apply correction actions.