Back to skill
Skillv1.0.0
ClawScan security
Team Communication · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 8, 2026, 7:25 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions, requirements, and scope match its stated purpose (agent-to-agent team messaging) and it requests no extra privileges or installs.
- Guidance
- This skill appears coherent and low-risk: it only documents using platform session APIs to message named agent roles. Before installing, confirm: (1) the mapping of sessionKey values to real agents (ensure they are the intended recipients), (2) that sessions_send has appropriate access controls and audit/logging so sensitive data isn't accidentally forwarded, and (3) you are comfortable installing an instruction-only skill from an unknown source (no homepage/owner info). If you plan to send any secrets or credentials via messages, avoid using this channel or enforce strict policies/logging on session traffic.
Review Dimensions
- Purpose & Capability
- okThe name/description describe intra-agent team communication and the SKILL.md contains only a small directory of session keys and examples using sessions_send and sessions_list — these match the stated purpose and no unrelated capabilities or credentials are requested.
- Instruction Scope
- okInstructions are narrowly scoped: call sessions_send(sessionKey=..., message=...) and sessions_list. The document does not instruct reading files, environment variables, or contacting external endpoints beyond the implied platform session API.
- Install Mechanism
- okNo install specification and no code files are present (instruction-only), so nothing is written to disk and there is no third‑party install risk.
- Credentials
- okThe skill declares no environment variables, credentials, or config paths — nothing disproportionate is being requested for a messaging helper.
- Persistence & Privilege
- okalways is false and model invocation is allowed (the platform default). There is no request for permanent presence or modifications to other skills/configurations.