ClawHub

Project

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This instruction-only project-management skill is coherent and has no code, install steps, or credentials, but users should notice that it expects to remember project status from conversations and update plans over time.

This appears reasonable for an instruction-only project-management helper. Before using it with real team or client work, decide what project information it may remember, require confirmation for important tracker or timeline updates, and review generated status reports before sharing them.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#ASI06: Memory and Context Poisoning
Low
What this means

A casual or inaccurate chat update could affect future project summaries, task status, or planning assumptions.

Why it was flagged

The skill is designed to convert conversational statements into persistent project-tracking state, which is expected for this purpose but can carry forward mistaken or sensitive project information.

Skill content
The skill tracks projects through conversation rather than forms. When you mention in a chat that the design mockups are done, the skill updates the tracker.
Recommendation

Define which conversations and project details are in scope, and ask the agent to confirm important status changes before treating them as final.

#ASI08: Cascading Failures
Low
What this means

If a deadline or dependency is recorded incorrectly, later plans and status reports may also become incorrect.

Why it was flagged

The skill intentionally propagates schedule changes through dependent tasks. This is project-management behavior, but an incorrect input could cascade into a misleading timeline.

Skill content
When a deadline slips, the skill recalculates the downstream impact immediately rather than waiting for someone to manually adjust twenty linked dates in a Gantt chart.
Recommendation

Review recalculated timelines, dependencies, and milestone changes before sharing them with a team or using them for commitments.