Skillv1.0.4

ClawScan security

ARCHITECT: Autonomous Goal Execution for AI Agents · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 10, 2026, 1:08 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's requested footprint (no installs, no env vars, instruction-only) matches its description as an execution-layer orchestration helper; it does not ask for unrelated credentials or perform hidden actions.
Guidance: This skill is internally consistent and low-risk by itself: it contains only instructions and asks for explicit confirmation before irreversible or credentialed actions. Before installing, consider: (1) how your platform implements 'external/send/publish' actions and which connectors (email, GitHub, cloud providers) are enabled for the agent — those connectors determine what the skill can actually do; (2) if you plan to pair this with apex-agent and agent-memoria, review those skills' scopes and any stored credentials or memory to avoid unintended data exposure; (3) test ARCHITECT in a low-privilege environment and confirm the mission-brief/confirmation prompts behave as described before allowing wide autonomous operation.

Review Dimensions

Purpose & Capability: okName/description promise (an execution layer that decomposes goals and runs tasks) aligns with the SKILL.md instructions. The skill requires no binaries, no environment variables, and no config paths — reasonable for an instruction-only orchestrator. References to apex-agent and agent-memoria are consistent with a stack design rather than unexplained dependencies.
Instruction Scope: noteThe SKILL.md gives detailed runtime instructions for autonomously decomposing and executing tasks and explicitly requires user confirmation for any irreversible, write/send/delete, or credentialed action. It does grant broad discretion to sequence, adapt, and execute tasks (normal for an execution engine). The only caution: 'external action' is broad — how the platform interprets/implements 'send/publish' depends on connectors enabled elsewhere. The skill does not instruct reading arbitrary system files or exfiltrating secrets.
Install Mechanism: okNo install spec and no code files (instruction-only). This is lowest-risk from an installation viewpoint — nothing is downloaded or written to disk by the skill itself.
Credentials: okRequires no environment variables, no credentials, and no config paths. The SKILL.md states it will request credentials before attempting credentialed actions, which is proportionate. There are no unexplained SECRET/TOKEN requirements.
Persistence & Privilege: okSkill flags are default (always:false, agent invocation allowed), which is expected for an autonomous skill. It does not request permanent presence or attempt to modify other skills or system-wide settings. Note: autonomous invocation combined with other skills (apex-agent, agent-memoria) could broaden capabilities — this is a platform composition consideration, not a fault in this skill.