Skillv1.0.0

ClawScan security

Duel Loop · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 13, 2026, 7:35 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only 'dual-agent QA' workflow whose declared behavior, file usage, and resource requirements match its description — no unexpected installs, credentials, or external endpoints are requested.
Guidance: The design is coherent, but review these operational risks before installing: - Drafts are written to workspace/drafts/<name>-vN.md; ensure that workspace file permissions, retention, and backups meet your privacy requirements (sensitive content may be stored there). - The main agent has full conversation context and is responsible for extracting the TASK_BRIEF: ensure prompts/automation explicitly redact or truncate sensitive data before injecting into subagent prompts. - Test the workflow with non-sensitive examples to verify that the extraction and isolation behave as documented (subagents should not receive extraneous context). - Audit and lock the templates/qa-review-prompt.md file (or review it frequently) to prevent tampering that could change QA behavior. If you need stronger guarantees (no disk persistence, automatic redaction, or encrypted storage), request modifications to the skill to implement them before using with sensitive data.

Purpose & Capability: okThe skill implements a dispatch → review → accept loop for producing and QA'ing documents. It requests no binaries, env vars, or installs, and the files it reads/writes (templates and drafts/*) are consistent with the stated purpose.
Instruction Scope: noteSKILL.md limits what is passed to subagents (only task-related fragments, TASK_BRIEF ≤ 200 chars) and describes isolated runtimes. This stays within the described scope. Note: the main agent still holds full session context and is responsible for extracting/redacting fragments — that creates a normal risk surface where sensitive data could be injected into drafts if the main agent extracts it.
Install Mechanism: okInstruction-only skill with no install spec and no code files. No downloads or external packages; lowest install risk.
Credentials: okNo environment variables, credentials, or config paths are requested. The declared requirements are proportional to a purely orchestration/QA prompt template skill.
Persistence & Privilege: okalways is false and the skill relies on runtime subagents (sessions_spawn) which is consistent with its orchestration role. Autonomous invocation is allowed by platform default but is not combined with other elevated privileges here.