Skillv1.2.1

ClawScan security

Lattice · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 15, 2026, 11:15 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is an instruction-only scaffolding/template pack for running a file-driven multi-agent pipeline; its requests and instructions are coherent with that purpose and it does not ask for credentials, install code, or reach out to external endpoints.
Guidance: This skill is basically a template pack and a design doc for a multi-phase pipeline; it appears internally consistent. Before installing or running: 1) Backup your workspace and confirm the chosen target directory, because the scaffolding will create/overwrite files under <target>/ORG/. 2) Review the templates (especially PIPELINE_STATE.json and Orchestrator prompt) so you understand what files agents will read/write and what will be broadcast to notification channels. 3) The orchestrator logic assumes the ability to spawn sessions (sessions_spawn) and to pass model/agent IDs — ensure your platform's session-spawn and cron permissions, and lock down which agentIds/models are allowed to be used to avoid inadvertent cost or scope escalation. 4) The templates explicitly exclude secrets, but double-check you don't accidentally put tokens/credentials into any generated files (notification channel or agentId fields should be identifiers, not secret tokens). 5) If you plan to allow autonomous runs, limit who can change the config (escalation chains, triage rules, notify channels) and audit initial runs. If you want added assurance, test the init flow in an isolated sandbox repository first.

Review Dimensions

Purpose & Capability: okName/description claim to provide a file-based 'Lattice' org and pipeline framework matches the contents: templates, prompts, and a long SKILL.md describing scaffolding and orchestration. There are no unrelated environment variables, binaries, or install steps requested — everything needed is local template files and instructions to copy/customize them.
Instruction Scope: noteThe runtime instructions instruct the agent to scaffold an ORG/ directory, replace placeholders, and populate PIPELINE_STATE.json and other files — all local file operations consistent with the stated purpose. The guides also describe use of platform primitives like sessions_spawn to spawn sub-agents and require the orchestrator to pass explicit model/agent arguments. This is expected for an orchestrator design doc, but it assumes platform-level capabilities (session spawning, cron triggers) that the skill itself cannot provide. Nothing in the instructions asks the agent to read or exfiltrate secrets or to contact unknown external endpoints.
Install Mechanism: okNo install spec or code is included; the skill is instruction-only and ships templates and prompt files. No downloads, extracted archives, or third-party package installs are performed.
Credentials: okThe skill declares no required environment variables, no credentials, and no config paths. The SKILL.md does request the user configure agentIds and model names in pipeline state, which is appropriate for orchestrating agents but does not require secrets or unrelated credentials.
Persistence & Privilege: okThe skill does instruct creating and modifying files under the chosen target workspace (ORG/). always:false and default autonomous invocation are used. The templates explicitly forbid modifying system config/gateway and recommend change control. There is some operational risk in that an Orchestrator (once implemented) would spawn sub-agents and update project files automatically — this is coherent with the skill purpose but you should ensure platform-level permissions and model/agent mappings are controlled.