Skill v1.0.1

ClawScan security

Collaboration Helper · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 8:50 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is a small, self-contained JSON-backed task tracker and its code is consistent with that purpose; the main issues are minor documentation mismatches and the CLI's ability to read/write an arbitrary path if misused.
Guidance
This skill appears to implement exactly what it claims: a simple JSON-backed task tracker. Before installing or granting it autonomous invocation:
1) Note the documentation mismatches (flag name and field names); confirm you (or the agent) will call the script with --data, not --workspace, and expect the 'created' field.
2) Treat the skill like any file-writing utility: avoid pointing --data at sensitive system paths because it will create/overwrite the target file.
3) Review the small Python script yourself (it's short and readable) or run it in a sandbox to verify behavior.
4) If provenance matters, check the GitHub link and author reputation (owner id is unknown).
None of the code performs network I/O or reads environment secrets, so there is no immediate sign of exfiltration.

Review Dimensions

Purpose & Capability
ok: Name/description (collaboration task tracker) align with the included Python script and data file. There are no unrelated env vars, binaries, or external services required.
Instruction Scope
note: SKILL.md describes the expected CLI behavior but contains small inaccuracies: it mentions a --workspace flag while the script implements --data; the documented task field name is "created_at" but the code and sample use "created"; SKILL.md references a file name 'collaboration-guidelines.md' while the repository has 'collaboration-guide.md'. These are documentation mismatches (not evidence of malicious behavior) but could cause confusion at runtime.
Install Mechanism
ok: No install spec; the skill is instruction-only plus small Python scripts included in the package. No network downloads or third-party installer steps are present.
Credentials
ok: The skill requests no environment variables, credentials, or config paths. The code does not read secrets from the environment or attempt network access.
Persistence & Privilege
note: By default it writes to its own data/tasks.json within the skill folder, which is reasonable. The CLI accepts a --data path (documented as --workspace in SKILL.md), allowing the tool to read/write a tasks.json at any location the invoking agent/user points to — a functional convenience but one to be aware of because it can overwrite files if misused.