v1.0.0

Task Finish Contract

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 6:14 AM.

Analysis

This instruction-only skill is coherent and purpose-aligned, with minor cautions about autonomous follow-up wording, local file scanning, and persistent task evidence logs.

Guidance: This skill appears safe to install as a process aid. Before using it broadly, make sure your agent still asks before important actions, avoids putting secrets in evidence, and keeps any memory or task logs limited to non-sensitive workspace information.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Low, Confidence: High, Status: Note
SKILL.md
Planning-only replies: max 1
- Next reply MUST contain execution evidence
- Never end with "I will now..." without tool result

These instructions deliberately change stopping conditions and push the agent toward producing execution evidence. That matches the skill's task-completion purpose, but it can affect how the agent responds when the user only wants planning or approval before action.

User impact: The agent may be more likely to continue into execution-oriented responses instead of pausing after a plan.
Recommendation: Use this as a workflow aid, but require the agent to pause for explicit approval before risky, irreversible, public, or account-changing actions.

Tool Misuse and Exploitation
Severity: Low, Confidence: High, Status: Note
references/privacy-checklist.md
Get-ChildItem . -Recurse -File | Select-String -Pattern 'apiKey|token|secret|password' -CaseSensitive:$false

The checklist suggests a recursive PowerShell search through local files. It is intended to find sensitive strings before logging evidence, but matching lines may display secrets in the agent context or logs.

User impact: If run in a large or sensitive directory, the command could reveal secret values or private file contents in the session.
Recommendation: Run the scan only in the intended workspace, avoid pasting full secret-containing matches into task evidence, and prefer redacted or filename-only reporting when possible.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low, Confidence: High, Status: Note
SKILL.md
Select-String "Goal" memory/{date}.md

The verification criteria reference a persistent memory file for goal/progress/next tracking, and the evidence format may include artifact paths, URLs, or IDs.

User impact: Task details or artifact references could persist beyond the immediate conversation if recorded in memory.
Recommendation: Keep completion logs minimal, use relative paths, avoid credentials or personal data, and periodically prune task memory if it is no longer needed.