Skill v1.0.0
ClawScan security
Bio · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 8, 2026, 2:30 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill is instruction-only and mostly coherent for writing bios, but its prose claims to "learn your voice" and "track" bio elements without specifying where it gets or stores that data, which is an underspecified gap that could let the agent request broad access to user content or persistent storage.
- Guidance
- This is an instruction-only bio-writing skill and appears to do what it says, but it is vague about how it "learns your voice" and where it "tracks" updates. Before installing or authorizing the agent to act on your behalf, ask the author (or your platform) these questions: 1) How does the skill obtain samples of your writing or speech — will you have to upload them manually or will it request broad access to your files, emails, or cloud storage? 2) If it tracks bio elements, where is that data stored (local agent storage, a third-party service, or the skill author’s server) and for how long? 3) Will any user content be sent to external endpoints or third parties? 4) What explicit prompts or permissions will the agent request before ingesting private materials? If you’re uncomfortable with open-ended data collection or persistent storage, prefer a workflow where you manually provide the text samples and explicitly approve any storage or external sharing.
Review Dimensions
- Purpose & Capability
- note: The name and description match the content of SKILL.md (generating and adapting bios for different contexts). However, the doc repeatedly states the skill will "learn your voice" and "track the elements of your bio," yet the skill declares no storage, config paths, or credentials — a plausible design choice but underspecified.
- Instruction Scope
- note: SKILL.md is prose-only and does not instruct the agent to read system files, environment variables, or call external endpoints. Nevertheless, language like "learns your voice from how you write and talk about your work" and "prompts you to review" is open-ended and could lead an implementing agent to request or ingest user documents, email, audio, or external account data unless constrained.
- Install Mechanism
- ok: No install spec or code files are present; instruction-only skills have the smallest on-disk footprint and pose minimal installation risk.
- Credentials
- ok: The skill declares no required environment variables, credentials, or config paths, which is proportionate for a text-generation bio helper. The SKILL.md does not reference any undeclared secrets or system config.
- Persistence & Privilege
- note: Manifest flags show no persistent or elevated privileges (always:false). However, SKILL.md's claim that the skill "tracks" bio elements implies persistent storage or background monitoring; the skill provides no mechanism or declaration for where that state would live, creating a mismatch between claimed behavior and declared privileges.
