Skill v1.0.1
ClawScan security
claw-superpowers · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Mar 10, 2026, 2:52 AM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions broadly match a developer workflow, but its runtime instructions require file-system and VCS actions (reading files, writing docs, committing, creating branches, spawning subagents) while the metadata declares no binaries, config paths, or credentials — and the SKILL.md enforces a mandatory, wide-scope invocation policy; these mismatches merit caution.
- Guidance: This skill is a process/methodology that will direct the agent to read and modify your repository (write design files, commit, create branches), run tests, and spawn subagents — but the package metadata does not declare those runtime requirements. Before installing or enabling it, consider: 1) Will you allow an agent to write files and run git commands in repos it has access to? 2) Do you trust the agent to follow the 'hard gates' and automatic invocation policy (it demands being checked before any action)? 3) If you permit commits or pushes, ensure your git credentials and remote access are appropriately scoped (or run the agent in a sandboxed environment). If uncertain, test the skill in an isolated repo or environment and review any files/commits it produces before merging.
Review Dimensions
- Purpose & Capability (note): The skill describes an agentic software-development methodology and the SKILL.md contains sections for brainstorming, planning, TDD, debugging, git worktrees, branching, committing, and invoking subagents, which is coherent with the stated purpose. However, the metadata declares no required binaries, no config paths, and no credentials even though the instructions assume access to the repository filesystem and git operations (writing docs, committing, creating branches). The lack of declared filesystem/VCS requirements is an inconsistency.
- Instruction Scope (concern): The runtime instructions tell the agent to inspect project files and recent commits, create and save design docs under docs/plans/..., commit those files, use git worktrees, run tests, spawn/dispatch subagents and parallel agents, and enforce hard gates (e.g., 'do NOT write code until design approved'). It also mandates forced invocation ('you MUST use it') and that the skill be checked before any response. These are broad, prescriptive actions that give the skill wide discretion over reading/writing the repo and invoking other skills or subagents; the scope is larger than what the metadata declares and could cause repeated or intrusive cross-skill invocations.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no code files, so nothing is downloaded or written by an installer. That lowers install-time risk.
- Credentials (note): The skill declares no required environment variables or primary credentials, which is good. But the instructions implicitly require write access to the repository and the ability to run git operations (which on many setups requires git to be available and user credentials for pushing/committing). Those implicit privileges are not declared; users should be aware the agent may attempt VCS operations that use local git credentials or SSH keys.
- Persistence & Privilege (note): The skill does not request 'always' inclusion and does not try to change other skills' configs. However, its content repeatedly pressures the agent to always invoke it when relevant and to spawn subagents/processes. While not a metadata privilege, the enforced invocation policy increases the operational footprint if the agent follows the instructions autonomously.
