Skill v1.0.0
ClawScan security
Jury · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 8, 2026, 6:42 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's high‑level description claims multi‑agent orchestration but the runtime instructions are vague and provide no concrete mechanisms, which is internally inconsistent and grants broad agent discretion.
- Guidance: This skill is a high‑level blueprint rather than an actionable integration. Before installing, confirm how your agent runtime will implement the orchestration the skill expects: e.g., what APIs or internal primitives are used to spawn or coordinate sub‑agents, and whether those actions could access files, network endpoints, or credentials. Because the SKILL.md is vague, the agent may decide on its own to gather context or call external services — test the skill in a restricted environment first, avoid granting new credentials, review activity/logs when it runs, and ask the skill author for a concrete runtime spec (endpoints, required inputs, and explicit data‑handling rules) if you need stronger assurance.
Review Dimensions
- Purpose & Capability (note): Name/description claim a multi‑agent deliberation framework. The skill is instruction‑only and requests no binaries, env vars, or endpoints — which is plausible only if the hosting agent provides the orchestration. However, the skill does not declare how it expects to create or coordinate agents (APIs, endpoints, or built‑in primitives), so the claimed capability is underspecified.
- Instruction Scope (concern): SKILL.md contains only high‑level goals and capabilities (deliberation, verdict synthesis, bias mitigation) with no concrete runtime steps. Vague, open‑ended instructions give the agent broad discretion about what to read, call, or create at runtime, which can lead to unexpected data access or network activity depending on the host implementation.
- Install Mechanism (ok): No install spec and no code files — lowest install risk. Nothing is written to disk by the skill itself.
- Credentials (ok): No environment variables, credentials, or config paths are requested. The skill does not ask for secrets or unrelated credentials.
- Persistence & Privilege (ok): always:false (default) and no special persistence or system‑wide configuration access requested. Autonomous invocation is allowed by platform default but is not itself a red flag here.
