Skillv1.0.0

ClawScan security

Play Dumb · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 9, 2026, 5:10 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's files, prompts, and configuration are internally consistent with its stated goal of making the agent 'play dumb' and it requests no extra privileges or installs — but it intentionally produces partial/incorrect output and relies on heuristic safety triggers that may be brittle.
Guidance: This skill is coherent with its purpose — it purposely makes the agent give partial or wrong answers as a UX feature. Before enabling it broadly, consider: (1) restrict use to non-critical conversations (no medical, legal, financial, safety scenarios); (2) verify the safety triggers in your environment (keyword matching and 'frustration' detection can be brittle); (3) test the skill with edge-case prompts to confirm it reliably exits 'play dumb' when required; (4) enable logging/auditing so you can review when the agent intentionally withheld or altered accuracy; (5) if you need stronger guarantees, add explicit runtime checks (e.g., semantic classification of intent) rather than relying only on the supplied keyword heuristics. If you are uncomfortable with intentional misinformation even in non-critical contexts, do not install.

Purpose & Capability: okName/description (simulate varying degrees and personas of 'playing dumb') match the provided prompts, persona files, and presets. The skill requires no binaries, env vars, or installs — all proportional to an instruction-only stylization skill.
Instruction Scope: noteSKILL.md and all prompt files explicitly instruct the agent to produce incomplete/erroneous responses as a deliberate behavior and to 'remain internally aware'. There are no instructions to read unrelated files, access environment variables, or send data to external endpoints. However the safety/unwinding logic (keyword-based 'never_play_dumb', 'detect frustration', 'repeat question >=3') is heuristic and might fail in edge cases, so the instruction set introduces an operational risk of producing misleading information in contexts the heuristics miss.
Install Mechanism: okInstruction-only skill with no install step, no downloads, and no code files to execute — lowest install risk.
Credentials: okNo environment variables, credentials, or config paths are requested. The included config files only define internal persona and boundary rules, which is proportionate to the skill's purpose.
Persistence & Privilege: okNo 'always: true' or special privileges; default autonomous invocation is allowed (platform default) but the skill does not request persistent system-wide changes or other skills' configs.