Skill v2.3.5
ClawScan security
Subagent Architecture · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 26, 2026, 3:28 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The package contents, runtime instructions, and declared requirements are internally consistent with a reference implementation for subagent orchestration; nothing in the bundle or SKILL.md indicates unexplained or disproportionate access requests.
- Guidance: This is a coherent reference-implementation skill, but treat the included JS as third-party code before running it. Recommendations:
  1. Inspect lib/* and examples for any network calls or unexpected filesystem writes (the cost-logger writes JSONL under a memory/ path).
  2. If you plan to enable federated peer review or Discord webhooks, only provide webhook URLs/endpoints you trust and verify where the code posts to.
  3. Execute examples in an isolated/dev environment first (no production credentials).
  4. If you need stricter safety, run the code with limited filesystem permissions or sandboxing and consider disabling autonomous invocation for your agent while you evaluate (set disable-model-invocation or limit skill usage).
  5. If anything is unclear, review the specific functions that perform sanitization, spawning, and logging to confirm they match your operational constraints.
Review Dimensions
- Purpose & Capability
- ok: The name/description (subagent orchestration, security proxy, cost-aware spawning) aligns with the provided JS libraries, examples, and templates. The libs implement the advertised features (spawn helpers, cost estimator, quality scorer); no unrelated credentials or binaries are requested.
- Instruction Scope
- note: SKILL.md clearly states the code is reference-only and not auto-executed; setup.sh only scaffolds and makes no network calls. However, the shipped examples and libraries perform file I/O (e.g., JSONL cost logs under memory/), and optional workflows can call external endpoints (Discord webhooks, peer endpoints) only if the user configures them. Review the libs before running examples to confirm they behave as you expect.
- Install Mechanism
- note: There is no install spec (instruction-only), which minimizes install-time risk. The package nevertheless contains runnable JS files that will be present on disk when you install/use the skill; setup.sh writes local scaffolding. No remote downloads or obscure URLs are used. Treat the included code as third-party source you will run locally.
- Credentials
- ok: The skill declares no required env vars or credentials. External integrations (Discord webhook, peer endpoints) are explicitly optional and described as opt-in, requiring manual configuration. Required resources (file writes) are proportional to the stated functionality (logging, local history).
- Persistence & Privilege
- ok: The always flag is false, and the skill does not request elevated or persistent platform privileges. It does not claim to modify other skills or global agent settings. Autonomous invocation remains allowed by platform default, but that is expected for skills and not specific to this package.
