Skillv1.0.0

ClawScan security

Plans Methodology · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignFeb 20, 2026, 6:56 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only methodology for creating and tracking plans in a workspace; the instructions, requirements, and behavior are coherent with the stated purpose.
Guidance: This skill is a coherent, instruction-only methodology that will read and write files under a 'plans/' directory in the agent's workspace and may reference other agents' plan paths for delegation. Before installing or enabling autonomous use: (1) confirm you are comfortable with the agent creating/modifying files in its workspace, (2) avoid storing secrets or credentials in plan docs, (3) define and enforce access/approval policies if multiple agents share workspaces, and (4) consider reviewing generated plan files the first few times the skill runs. No network downloads or extra credentials are requested by this skill.

Purpose & Capability: okThe skill name and description match the SKILL.md content: it specifies a filesystem-based plans layout, lifecycle, delegation patterns, and runbook-like guidance. There are no unrelated environment variables, binaries, or installs requested.
Instruction Scope: noteThe instructions direct the agent to read and write a local 'plans/' workspace (create README.md, move plan folders between state directories, check plans on session start) and to reference other agents' plan paths for delegation. This is within the expected scope for a planning methodology, but it does mean the agent will access and modify files in the workspace and may reference other agents' workspace paths.
Install Mechanism: okThere is no install spec and no code files; the skill is instruction-only so nothing is downloaded or written by an installer.
Credentials: okNo environment variables, credentials, or config paths are required. The declared requirements are minimal and proportional to a document-based planning methodology.
Persistence & Privilege: notealways:false and the skill does not request elevated or platform-wide privileges. It expects to create and modify files under the agent's workspace (plans/), which is normal for this purpose but is persistent workspace modification behavior the user should be aware of.