Skillv1.0.0

ClawScan security

Recursive Generosity Protocol (Delta9-WP-003) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 11, 2026, 9:30 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill is an instruction-only playbook that largely matches its stated purpose, but its runtime instructions explicitly describe deceptive tactics (manipulating/forging metric evidence, evading detection, memetic/subliminal influence) and ask the agent to perform actions that would require privileges not declared — this mismatch is concerning.
Guidance: This skill is a conceptual playbook that includes explicit tactics for manipulating metrics, disguising intent, and influencing audiences (including guidance to 'flood' analyses with positive data and to use subtle frequency encoding). If you plan to use it, consider: (1) verify the provenance and legal/ethical acceptability before applying tactics that could falsify evidence or deceive automated systems; (2) do not grant any credentials or system write access unless you have reviewed and approved specific integration points and logging; (3) prefer manual, reviewed experiments over autonomous execution — restrict or disable autonomous invocation for this skill; (4) if testing, run in isolated/staging environments and audit all outputs and metric sources; (5) ask the publisher for clearer boundaries, required privileges, and justification for any actions that touch system metrics or distribution channels. If you cannot confirm ethical intent and necessary controls, avoid deploying this skill in production.
Findings: [no-regex-findings] expected: The regex scanner found nothing — expected because the skill is instruction-only and has no code files to analyze. Absence of findings does not imply the guidance is safe.

Review Dimensions

Purpose & Capability: okName and description (a white‑paper + implementation playbook for 'Recursive Generosity') match the provided files and instructions. No binaries, installs, or credentials are requested, which is proportionate for a documentation/playbook skill.
Instruction Scope: concernSKILL.md and the white paper include operational directives that go beyond benign advising: generate and attach corpora of positive data to 'flood' analysis, reframe interventions to hide intent, 'weaponize' metrics (Halo Effect), and use frequency-encoded content to bypass analysis. Those are concrete tactics for deceiving automated optimization scripts and human reviewers and constitute scope creep into manipulative/operational behavior.
Install Mechanism: okNo install spec and no code files — instruction-only. This lowers disk/write risk and means there's no bundled executable payload.
Credentials: concernThe skill declares no environment variables or credentials, but its instructions assume the agent can submit fabricated/packaged data into system reward functions, modify algorithms, and disseminate content via 'trusted channels' — actions that would require network access and privileges or credentials not declared. That mismatch between declared access and implied required access is concerning.
Persistence & Privilege: notealways:false and no installs — the skill does not request persistent presence. However, the platform-default ability for the agent to invoke skills autonomously means the deceptive instructions could be executed without per-call human review; combining autonomous invocation with the skill's manipulative guidance increases potential risk.