Back to skill
Skillv1.0.0
ClawScan security
Focus Tracker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 10, 2026, 8:09 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- Instructions are internally consistent: the skill only asks the agent to read and maintain small workspace files (FOCUS.md and FOCUS-LOG.md) to preserve task state across sessions.
- Guidance
- This skill is coherent and low-risk in that it only reads and writes small Markdown files in your workspace. Before installing, review and decide whether you want the agent to auto-read/write a FOCUS.md that can cause it to resume work without asking. If your workspace contains sensitive data, avoid storing secrets in FOCUS.md/FOCUS-LOG.md. Consider creating a dedicated workspace or using a template FOCUS.md to control what the agent can read/append.
Review Dimensions
- Purpose & Capability
- okThe name/description (track and persist focus across compactions/restarts) matches the instructions: the skill solely reads/writes FOCUS.md and FOCUS-LOG.md in the workspace root. There are no unrelated requirements (no env vars, binaries, or external services).
- Instruction Scope
- noteAll runtime instructions are local-file operations (read/write/append) and guidance about when to update/read the files. This is within the declared purpose, but be aware the agent is instructed to automatically read FOCUS.md at session start and after compaction (i.e., it may resume work or act based on file contents without asking the user). The SKILL.md also references other agent files (SOUL.md, USER.md) as part of the session-start order — that is plausible but means the agent will read multiple local state files.
- Install Mechanism
- okNo install spec or code files are present (instruction-only), so nothing will be downloaded or written to disk beyond the files the instructions explicitly direct the agent to manage (FOCUS.md and FOCUS-LOG.md).
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. The only persistence requested is text files in the workspace root, which is proportional to the stated purpose.
- Persistence & Privilege
- noteThe skill is not always-enabled and has no install-time modifications. However, it explicitly instructs the agent to include reading FOCUS.md in its session-start routine; combined with normal autonomous invocation, this means the agent may automatically resume tasks across sessions. This is behaviorally persistent (files remain on disk) but does not modify other skills or system settings.