v1.0.1

Safe Action

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 6:46 AM.

Analysis

This instruction-only skill is a coherent safety checklist that discloses its external API use and does not request credentials, code execution, persistence, or local system access.

GuidanceThis appears safe to install as an instruction-only pre-flight checklist. Before using it, be comfortable with sending brief action metadata to AgentUtil services and with any small x402 charges for paid checks. Do not include passwords, secrets, customer records, or detailed private content in the action description.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityInfoConfidenceHighStatusNote

SKILL.md

Each sub-check costs $0.001-$0.003 via x402 (USDC on Base). A full pre-flight (all three checks) costs ~$0.004-$0.008.

The skill discloses that some external checks may have a small cost. This is not suspicious because it is clearly stated and aligned with the service workflow, but users should be aware before repeated use.

User impactRepeated pre-flight checks could incur small charges if paid endpoints are used.

RecommendationConfirm payment behavior in your environment and use free endpoints or manual review if you do not want the agent to incur charges.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityLowConfidenceHighStatusNote

SKILL.md

This skill sends action descriptions, platform names, and timezone identifiers to three external APIs.

The skill explicitly discloses that pre-flight checks involve sending action metadata to external AgentUtil services. This is expected for the stated purpose, but it means some task context leaves the local agent environment.

User impactDetails about planned high-stakes actions, such as platforms, resources, timing, or action descriptions, may be sent to third-party services.

RecommendationUse concise action descriptions and avoid including secrets, credentials, private document contents, customer data, or other unnecessary sensitive information.