Skill v1.0.2

ClawScan security

Decision Log · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Mar 13, 2026, 8:05 PM)
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
This is an instruction-only decision-journal skill that is internally consistent with its stated purpose: it creates, reads, and summarizes files under a local decisions/ directory and asks the user for review — it requests no credentials, binaries, installs, or external endpoints.
Guidance
This skill is coherent and low-risk: it only asks the agent to create and read files under a decisions/ directory and to prompt you for outcomes. Before installing or enabling autonomous behavior, consider: (1) where decisions/ will live (local disk, repo, cloud sync) and whether you want potentially sensitive business details stored there; (2) whether you want the agent to run the automatic triggers — if not, disable autonomous invocation or remove those trigger instructions from your agent config; (3) never store secrets, credentials, or detailed competitor/customer PII in decision entries; and (4) back up or exclude the directory from any sync/publish workflows you don't control. If you want stronger guarantees, restrict the skill's write/read scope to a sandboxed directory and review agent prompts the first few times it runs.

Review Dimensions

Purpose & Capability
ok: The skill name and description (decision journal / review / analysis) match the runtime instructions. All required actions (create decision files, update an INDEX.md, run reviews and analyses) are proportional to the stated goal. It does not request unrelated credentials, binaries, or config paths.
Instruction Scope
note: The SKILL.md instructs the agent to create, read, and update files under decisions/ and to prompt the user for outcomes and lessons — this is within scope. It also recommends automatic triggers (e.g., asking to log a decision when the user mentions spending money, starts a project, or adds a tool) and cross-checking with other agent skills (goal-tracker). Those behaviors grant the agent broad discretion to prompt and to create files automatically; this is expected for a journaling skill but may produce many prompts or create entries you didn't intend if the agent is configured to act autonomously. There are no instructions to read files or environment variables outside the decisions/ hierarchy.
Install Mechanism
ok: No install spec and no code files — the skill is instruction-only, so nothing is downloaded or written by an installer. This is the lowest-risk install profile.
Credentials
ok: The skill declares no required environment variables, no credentials, and no config paths. The SKILL.md does not attempt to access secrets or other environment variables. All file access is local and limited to the decisions/ directory described in the instructions.
Persistence & Privilege
note: The always flag is false (normal). The disable-model-invocation flag is false (normal), meaning the agent can invoke the skill autonomously by default; combined with the recommended automatic triggers (spend-triggered logging, project-start detection, tool-adoption logging), this gives the skill practical autonomy to prompt and create files whenever the agent is running. This is a functional behavior of the skill, not a direct security flaw, but you should review agent-level autonomy settings if you don't want automatic logging.