Skill v0.1.2
ClawScan security
AOI Council · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 15, 2026, 6:57 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent with its stated purpose (multi-perspective decision templates); it contains a small local helper script and bundled agent templates but requests no credentials, does not download code, and does not reach out externally.
- Guidance: This skill appears coherent and low-risk: it ships a set of Markdown templates and a tiny local script that enumerates them and prints a JSON template. Before installing, you may want to: 1) briefly inspect the bundled agents/*.md files (they're human-readable and included) to ensure no sensitive text is there; 2) confirm your platform's behavior for included code files (skill.js) — some runtimes may execute or import them; and 3) note that autonomous invocation is allowed by default on the platform (normal), so only enable the skill in agents you trust. Minor nit: SKILL.md lists version 0.1.0 while package/registry show 0.1.2 — this is likely a documentation mismatch rather than a security issue.
Review Dimensions
- Purpose & Capability (ok): Name/description (decision synthesis) align with included files: prompt templates in agents/*.md and a small skill.js that enumerates those files and emits a JSON template. There are no unrelated environment variables, binaries, or external service requirements.
- Instruction Scope (ok): SKILL.md and the bundled agent files are limited to generating multi-perspective outputs. The runtime instructions and skill.js only read Markdown files from the packaged agents/ directory and produce a local template; there are no instructions to read other system files, access secrets, or transmit data externally.
- Install Mechanism (note): No install spec is provided (lowest-risk pattern). There is a code file (skill.js) and package.json included, but the package does not declare external downloads or dependencies. Note: the presence of code without an install spec is acceptable but means the platform will use the included files directly — nothing is being fetched from network hosts.
- Credentials (ok): The skill requests no environment variables, no credentials, and no config paths. This is proportionate to a template-driven, read-local-files skill.
- Persistence & Privilege (ok): always is false and the skill does not request persistent system privileges or modify other skills. It does not write external configs or store credentials. Autonomous invocation is allowed (platform default) but is not combined with other concerning factors here.
