Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description match the instructions: the skill enforces goal/progress/next-step reporting and evidence. It reasonably expects access to agent memory files, workspace artifacts, and the ability to verify URLs/paths. One minor mismatch: the SKILL.md uses the PowerShell 'Select-String' command for verification but does not declare a required shell/platform; that is an operational assumption rather than a functional mismatch.
Instruction Scope
All instructions stay within the task-finishing purpose (emit structured progress, produce evidence, verify artifact existence). The skill directs the agent to read memory/{date}.md, artifact paths, and to verify URLs/paths—this is expected for verification. However, the instructions do not include explicit safeguards or redaction rules for removing sensitive data from evidence, and they assume the agent may run commands or perform network checks to validate artifacts; those behaviors can expose secrets if the agent captures unfiltered command output.
Install Mechanism
Instruction-only skill with no install spec and no code files. Lowest-risk installation surface: nothing is written to disk by the skill itself.
Credentials
The skill requests no environment variables, binaries, or external credentials. It does assume access to the agent's workspace, memory files, ability to run checks (filesystem or HTTP) and to produce artifact paths/URLs; these are proportionate to a task-evidence verifier.
Persistence & Privilege
always=false and no config paths or persistent privileges requested. The skill does not attempt to modify other skills or system-wide settings.
Assessment
This skill appears to do what it says, but before installing or using it: 1) confirm the agent platform provides access to the referenced memory and workspace paths and supports the verification commands (the SKILL.md uses Select-String, which is PowerShell-specific); 2) decide and enforce a policy for redacting sensitive data from 'EVIDENCE' (command outputs, artifact contents, URLs) because the skill asks the agent to surface evidence but does not mandate redaction; 3) restrict the skill to contexts where verifying artifact URLs/paths is safe (avoid running it with access to secrets or production credentials); 4) test the skill on non-sensitive tasks first to confirm it behaves as expected and doesn't leak data.Like a lobster shell, security has layers — review code before you run it.
latestvk97csxybvmctd2dsz2q84vk7wh8219bk
License
MIT-0
Free to use, modify, and redistribute. No attribution required.