Skill v1.0.0
ClawScan security
Multi-Chat Context Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 25, 2026, 2:04 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally coherent. It implements a simple local CLI JSON context store with no network calls and no extra credentials, and the files and instructions match the stated purpose.
- Guidance: This skill appears to do what it says: a small, local CLI context store that writes plaintext JSON. Before installing or using it, consider the following.
  - Data sensitivity: contexts are stored unencrypted in data/contexts.json, so avoid storing secrets or sensitive PII in them.
  - Storage location and permissions: the default path is inside the skill directory; you may want to move it or restrict filesystem permissions on the file and its directory.
  - Concurrency: there is no file locking, so concurrent writes from two invocations may corrupt the file.
  - Test/code inconsistency: the tests set CONTEXT_STORAGE_PATH, but the main code never reads it. If you need a custom path, modify the code to honor that env var.
  - Minor bug: stored timestamps come from os.path.getmtime(__file__), the script's own modification time, rather than the current time; adjust to use datetime.now().
  - No network or credential access was detected.
  - If these limitations are acceptable, the skill is coherent and low-risk; otherwise, review and patch the code (particularly storage-path handling and timestamping) before use.
Review Dimensions
- Purpose & Capability
  - ok: Name/description (store/retrieve/clear per channel/user) align with the provided Python script, shell wrapper, and example usage. Only python3 is required, and the code performs only local JSON file operations, which is proportional to the stated purpose.
- Instruction Scope
  - note: SKILL.md instructions map directly to the scripts and describe manually invoking the CLI. The runtime instructions do not reference external endpoints or unrelated system paths. Two observations: the tests attempt to set CONTEXT_STORAGE_PATH but the main code does not read that env var (so the tests are inconsistent with the code), and store_context uses os.path.getmtime(__file__) as a timestamp, which returns the script's modification time rather than the current time and is almost certainly a logic bug. These are correctness issues, not evidence of malicious scope creep.
- Install Mechanism
  - ok: No install spec; the skill is instruction-only but bundles small scripts and tests. No network downloads or archive extraction are performed by an installer. The risk surface is limited to the included local Python scripts writing a JSON file.
- Credentials
  - note: The skill declares no required environment variables or credentials, and the code does not request secrets. The test file sets CONTEXT_STORAGE_PATH to point tests at a temp file, but the main code does not read that env var, an inconsistency that is most likely a test bug. No disproportionate credential or config access is present.
- Persistence & Privilege
  - ok: The skill is not always-enabled and is user-invocable. Its persistence is limited to writing a local plaintext JSON file (data/contexts.json) within the package tree; it does not modify other skills or system-wide settings.
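The storage-path, timestamp, locking and permission fixes recommended under Guidance, and again in the Instruction Scope and Credentials notes, sketched as an added example. This is not the skill's own code; the function names, the `channel:user` key scheme, the `.lock` sidecar file and the entry layout are assumptions, and the scanner report only tells us that the original uses `os.path.getmtime(__file__)` for timestamps and ignores `CONTEXT_STORAGE_PATH`.

```python
"""Hardened sketch of a local JSON context store (added example, not the skill's code).

Shows the fixes the scan guidance lists: honor CONTEXT_STORAGE_PATH (the env var the
skill's tests already set), stamp entries with the current time instead of the script's
mtime, serialize read-modify-write cycles with an advisory lock, write atomically, and
keep the plaintext file owner-only. Names and layout are assumptions.
"""
import json
import os
import tempfile
from datetime import datetime, timezone

try:
    import fcntl  # POSIX advisory locking; not available on Windows
except ImportError:  # pragma: no cover
    fcntl = None

# Same default location the scan report describes: data/contexts.json beside the script.
DEFAULT_PATH = os.path.join(os.path.dirname(os.path.abspath(__file__)), "data", "contexts.json")


def storage_path():
    """Resolve the store location: CONTEXT_STORAGE_PATH if set, else the in-tree default."""
    return os.environ.get("CONTEXT_STORAGE_PATH", DEFAULT_PATH)


def _key(channel, user):
    # Assumed key scheme: one entry per channel/user pair.
    return f"{channel}:{user}"


def _load(path):
    try:
        with open(path, "r", encoding="utf-8") as fh:
            return json.load(fh)
    except FileNotFoundError:
        return {}


def _save(path, data):
    """Atomic replace: a crash mid-write leaves the old file, not a truncated JSON document."""
    directory = os.path.dirname(path) or "."
    os.makedirs(directory, mode=0o700, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".contexts-", suffix=".tmp")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(data, fh, indent=2, sort_keys=True)
            fh.flush()
            os.fsync(fh.fileno())
        os.chmod(tmp, 0o600)  # owner-only: the contexts are stored in plaintext
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


class _Locked:
    """Exclusive advisory lock on <path>.lock around a read-modify-write of the store."""

    def __init__(self, path):
        self.lock_path = path + ".lock"
        self.fh = None

    def __enter__(self):
        os.makedirs(os.path.dirname(self.lock_path) or ".", mode=0o700, exist_ok=True)
        self.fh = open(self.lock_path, "a+")
        if fcntl is not None:
            fcntl.flock(self.fh.fileno(), fcntl.LOCK_EX)
        return self

    def __exit__(self, *exc):
        if fcntl is not None:
            fcntl.flock(self.fh.fileno(), fcntl.LOCK_UN)
        self.fh.close()
        return False


def store_context(channel, user, text, path=None):
    """Store text for a channel/user pair and return the written entry."""
    path = path or storage_path()
    with _Locked(path):
        data = _load(path)
        entry = {
            "text": text,
            # Current wall-clock time in UTC. The original's os.path.getmtime(__file__)
            # would stamp every entry with the script's modification time instead.
            "timestamp": datetime.now(timezone.utc).isoformat(),
        }
        data[_key(channel, user)] = entry
        _save(path, data)
    return entry


def get_context(channel, user, path=None):
    """Return the stored entry for the pair, or None if there is none."""
    path = path or storage_path()
    return _load(path).get(_key(channel, user))


def clear_context(channel, user, path=None):
    """Remove the pair's entry; return True if something was removed."""
    path = path or storage_path()
    with _Locked(path):
        data = _load(path)
        removed = data.pop(_key(channel, user), None) is not None
        _save(path, data)
    return removed
```

The lock is advisory, so it only protects against concurrent invocations of this same CLI; an unrelated process writing the file directly is still a risk, which is one more reason to keep the file owner-only and out of any shared directory.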
