Skill v1.0.0

ClawScan security

Daily Shortdrama Report · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 28, 2026, 4:24 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (daily short‑drama report) matches the actions it describes, but its runtime instructions require reading session token usage and team memory files without declaring those dependencies or any limits on what will be read—this mismatch and potential privacy exposure merit caution.
Guidance
This skill appears to do what it says (assemble a daily report), but it expects to read session token usage and read memory files (memory/YYYY-MM-DD.md and memory/targets.md) even though those accesses are not declared in the skill metadata. Before installing:
- Confirm whether your agent/platform exposes a session_status tool and a memory/ directory; this skill will try to read them.
- Inspect the contents of your memory files (or use test/dummy data) because the skill will read potentially sensitive team or personal data.
- Ask the skill author (or documentation) to explicitly declare required config paths/tools and to describe data-handling rules (what is read, retention, redaction).
- If you cannot confirm or restrict access to memory, avoid installing or run the skill in a limited/test environment first.
- Because the skill is instruction-only (no install), the code risk is low, but the privacy risk from reading agent memory/session state is real—treat it like granting read access to your agent's memory and session logs.

Review Dimensions

Purpose & Capability: ok
The name/description (generate a daily short‑drama team report including counts, token usage, progress) aligns with the instructions to collect token usage, daily production records, and target comparisons. Reading memory files and session token counts is coherent for this purpose.
Instruction Scope: concern
The SKILL.md explicitly instructs the agent to call a session_status tool and to read memory/YYYY-MM-DD.md (today and yesterday) and memory/targets.md. These are concrete accesses to session metadata and user memory. However, the skill does not declare these as required config paths/tools or describe limits on what to read or how to sanitize sensitive content (e.g., personal data that may be in memory). It also asks to report 'called skills', which likely requires reading activity logs; the source/permissions for that are not explained.
Install Mechanism: ok
Instruction-only skill with no install spec or code files. This minimizes code-install risk (nothing is downloaded or written by the skill itself).
Credentials: concern
Metadata declares no required env vars or config paths, yet runtime instructions rely on session_status and memory files. That is a mismatch: the skill will access user/session data that is not declared. While no external credentials are requested, the skill still reads potentially sensitive internal data (session token counts and user memory).
Persistence & Privilege: ok
always:false and no special persistence or system modifications. Autonomous invocation is allowed (default) but not combined with elevated privileges. No indication the skill modifies other skills or global agent settings.