ClawHub
Back to skill
v0.1.0

Joan Workflow

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 4:52 AM.

Analysis

This is a coherent instruction-only Joan workflow guide, with only purpose-aligned cautions around account access, shared workspace changes, and persistent AI context files.

GuidanceThis skill appears safe to install as an instruction-only guide. Before following its commands, make sure you are using the intended Joan account and workspace, review generated CLAUDE.md context, and be careful with push, update, and archive commands because they can affect shared workspace data.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
`joan pod push` ... `joan todo update <id>` ... `joan todo archive <id>` ... `joan plan push <todo-id>`

The documented Joan CLI workflows include actions that can update, archive, or push workspace content to a server. This is clearly related to Joan workflow management, but it can affect shared data.

User impactFollowing these commands may change or share workspace pods, todos, or plans with a team.
RecommendationConfirm the target workspace, todo, pod, or plan before running push, update, or archive commands.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
SKILL.md
The MCP server uses OAuth 2.1 authentication. Authenticate via the CLI first with `joan auth login`.

The skill discloses OAuth-based Joan account authentication. This is expected for accessing a user’s Joan workspaces, but it gives the Joan CLI/MCP integration delegated account access.

User impactUsing the integration may allow access to Joan workspaces available to the logged-in account.
RecommendationAuthenticate only with the intended Joan account and review the workspace access granted by that account.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
`joan context claude` ... Generate CLAUDE.md with Joan context

The skill documents generating a persistent CLAUDE.md file from Joan context. This is purpose-aligned, but content placed in an AI context file can influence later assistant behavior.

User impactWorkspace knowledge may become persistent project context that future AI sessions read and rely on.
RecommendationReview generated CLAUDE.md content before relying on it, especially if pods are edited by multiple people.
Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
SKILL.md
Joan provides an MCP server at `https://joan.land/mcp/joan` with tools: `list_workspaces`, `list_pods`, `get_pod`.

The skill discloses an external MCP server that can list workspaces and retrieve pod content. This is coherent with the Joan workflow, but it creates an external tool boundary for workspace data.

User impactWorkspace and pod information may be accessed through Joan’s MCP service when configured and authenticated.
RecommendationUse the MCP integration only for workspaces where sharing pod content with the assistant is intended.