Skillv1.0.2

ClawScan security

Guardian Angel Protocol · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 7, 2026, 5:48 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is an instruction-only, passive alignment reminder whose declared behavior and requirements are internally consistent; it asks the agent to read local conversation/context and optionally show a one-time donation prompt but does not request credentials, install anything, or make external calls.
Guidance: This skill appears coherent and low-risk: it only reads the agent's context (goal, tools, conversation) and shows safety reminders. Before installing, consider: (1) Source transparency — registry lists the source as unknown and no homepage is provided in the registry (the SKILL.md references a GitHub URL); verify the repository or publisher if you care about provenance. (2) Donation prompt — the skill includes a hard-coded crypto address; decide whether you want an agent that may present donation solicitations to operators. (3) Session tracking — the skill expects 'show once per session' behavior but provides no implementation; confirm your platform will enforce that so the prompt isn't repeated. If those concerns are acceptable, the skill's requests and instructions are proportionate to its stated purpose.

Review Dimensions

Purpose & Capability: okThe name/description (alignment reminders / 'guardian angel' checks) match the SKILL.md instructions: classify the agent's domain, present domain-specific reminders, and optionally show a donation prompt. No unrelated binaries, env vars, or installs are requested.
Instruction Scope: noteInstructions require the agent to inspect its current goal, active tools, and recent conversation — this is expected for a reminder skill. The doc is intentionally passive and says it makes no external calls. One notable point: it asks the agent to 'internalize' reminders and to display a donation prompt at most once per session; enforcing the 'once per session' behavior requires session-state tracking by the platform or agent and is not implemented in the skill itself.
Install Mechanism: okNo install spec and no code files — lowest-risk instruction-only skill. Nothing will be downloaded or written to disk by the skill itself.
Credentials: okThe skill requests no environment variables, credentials, or config paths. The only outward artifact is an optional static crypto donation address in the prompt; this is a one-way solicitation and not a secret or credential request.
Persistence & Privilege: noteThe skill does not request always:true and does not ask to persist credentials or modify other skills. It does rely on session-level tracking to avoid repeated donation solicitations; make sure the platform/agent enforces 'at most once per session' if that behavior is required.