Skill v1.0.0
ClawScan security
Auto-Report · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 6, 2026, 3:27 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requests and instructions are consistent with an automated reporting tool: it asks the agent to collect data, render templates, and deliver reports to channels and cron jobs, and it does not request unrelated credentials or install arbitrary software.
- Guidance: This skill appears coherent for scheduled report generation, but it relies on the agent having permission to read data sources and to send messages to channels. Before installing: (1) review and narrow any agent-turn cron prompts so they only reference explicit files/data sources you want the agent to access; (2) prefer isolated sessions for scheduled runs to limit context exposure; (3) confirm which channel integrations (Feishu, Slack, etc.) are connected and what those connectors can send; (4) test cron jobs in a sandbox or staging channel to avoid accidental leakage of sensitive files; and (5) if you need market data from a paid API, consider adding explicit data-source instructions and credentials rather than relying on open web searches.
Review Dimensions
- Purpose & Capability (ok): Name/description match the behavior in SKILL.md: scheduling, collecting data, template rendering, and channel delivery. The examples (cron commands, Feishu card JSON, message tool usage) are coherent for a reporting automation skill, and no unrelated environment variables or installers are requested.
- Instruction Scope (note): Instructions legitimately require the agent to "read relevant data sources" and give examples that reference files (e.g., health/LOG.md). That is expected for reports, but the language is broad and could lead an agent to access arbitrary workspace files or external sources unless prompts are narrowly scoped. The skill also suggests web searches for market data (no API specified), which is consistent with its purpose but open-ended.
- Install Mechanism (ok): No install spec and no code files are present (instruction-only). This is low-risk: nothing is written to disk or downloaded by the skill itself.
- Credentials (ok): The skill declares no environment variables or credentials. It expects the platform's existing message/document tools and channel connections to be available; that is proportionate. There are no unexpected credential requests.
- Persistence & Privilege (ok): The always flag is false, and the skill does not request persistent elevation or to modify other skills. Autonomous invocation is allowed (platform default) and is not combined with other red flags.
