ClawHub
Back to skill
v1.0.1

Clawwork Learning Checkin

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:58 AM.

Analysis

No malicious behavior is evident; the skill runs a local check-in helper, stores limited local personalization data, and discloses that it may ask to install a required dependency.

GuidanceBefore installing, confirm you are comfortable with a local Python helper saving nickname, language, and greeting history under the skill directory, and review the separate learning-checkin dependency before approving its installation.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
This skill requires the **learning-checkin** skill to be installed... If approved, install from: https://clawhub.ai/daizongyu/learning-checkin

The skill depends on a separate skill and may prompt the user to install it, so the dependency becomes part of the trusted behavior.

User impactApproving installation would add another skill whose code and permissions may affect the overall safety of the check-in workflow.
RecommendationReview the learning-checkin dependency before approving installation, especially its data storage and any commands it runs.
Unexpected Code Execution
SeverityInfoConfidenceHighStatusNote
SKILL.md
python <skill_path>/clawwork_checkin.py checkin

The skill is implemented through local Python CLI commands that the agent is instructed to run for check-ins and profile updates.

User impactUsing the skill will run a local script that can create or update the skill's local data files.
RecommendationUse it only if you are comfortable with the agent running the included helper script for the disclosed check-in actions.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
All data is stored locally in a `data` subfolder next to the skill: profile.json - User profile (nickname, language); greetings.json - Message history

The skill persists user profile and recent greeting history, then reuses that context to personalize future messages.

User impactNickname, language preference, and recent generated messages may be reused in later check-ins.
RecommendationAvoid putting sensitive information into nicknames or generated greeting text, and delete the local data folder if you want to reset the stored context.