Skillv1.0.0

ClawScan security

BOOK BRAIN – LYGO 3-Brain Filesystem Helper · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 11, 2026, 9:44 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only utility for organizing an agent's filesystem memory: its requirements and instructions align with its stated purpose and it does not request credentials or perform installs.
Guidance: This skill is coherent and low-risk: it only provides text guidance for organizing files and asks the agent to create indexes, logs, and reference stubs. Before installing/use: (1) run it in a workspace you can back up or a fresh Haven if you want to avoid surprises; (2) confirm the agent is configured to prompt you before overwriting or modifying existing folders (the skill advises doing this, but enforce it); (3) review the example files included (references/book-brain-examples.md) so you know exactly what folders/files the agent will create; and (4) note the skill has no published source/homepage—treat it as community-contributed documentation and inspect created files/logs for unexpected content.

Review Dimensions

Purpose & Capability: okName/description match the actual content: the skill is a filesystem/memory organization guide and only requires the agent to read/write/create files and folders. There are no unrelated env vars, binaries, or install steps requested.
Instruction Scope: okSKILL.md instructs the agent to create folders, write index/stub files, and append logs while explicitly avoiding deletion/overwrite of existing data and encouraging human confirmation when conflicts occur. All actions described are consistent with the stated goal of organizing persistent agent memory. (Note: a portion of the SKILL.md was truncated in the provided manifest but the visible instructions are narrowly scoped to filesystem organization.)
Install Mechanism: okNo install spec and no code files are included — this is instruction-only, so nothing will be downloaded or written by an installer. This is the lowest-risk install profile.
Credentials: okThe skill declares no required environment variables, no credentials, and no config paths. The guidance mentions external links only as references; nothing in the instructions requires secret or unrelated credential access.
Persistence & Privilege: okalways is false and autonomous invocation is the platform default. The skill does not request persistent system-wide changes or modification of other skills' configurations; it only instructs the agent to create files/folders within the agent workspace, which is appropriate for its purpose.