Skill v1.0.0

ClawScan security

Faithful Task Executor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 9, 2026, 10:18 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill is an instruction-only orchestration/template pack for enforcing task rules and passing a local rules file to subagents; its declared requirements and instructions are coherent with its stated purpose.
Guidance
This skill is an instruction/template pack that tells an agent to extract and persist task rules to a local file (.task-rules/rules.md) and require subagents to read and confirm those rules.

Before enabling:

1) Understand that it will create and persist files in the agent workspace (check .task-rules for sensitive content).
2) Confirm your agent's subagent mechanism will not inadvertently expose workspace files to external systems; the skill itself does not instruct network exfiltration, but passing files to other agents relies on platform behavior.
3) Note package.json references runtime scripts that are not included, so this appears to be documentation-only (no supplied executable code); expect to rely on the platform's agent runtime to implement enforcement.
4) Because the activation keywords are broad, test the skill on non-sensitive tasks first to see how and when your agent invokes it.

If you need automated enforcement across multiple agents, verify how your platform creates/isolates subagents and whether policy controls are needed to limit file sharing or external access.

Review Dimensions

Purpose & Capability: ok
Name and description claim rule persistence, subagent orchestration, and consistency checks; SKILL.md and templates implement templates and procedures for writing/reading a local rules file (.task-rules/rules.md) and coordinating subagents. No unrelated credentials, binaries, or external services are requested, so the requested capabilities match the stated purpose. Minor note: package.json references scripts (scripts/execute-task.js, scripts/validate-rules.js) that are not present in the file manifest, which suggests this package is documentation/instruction-only rather than providing runtime code.
Instruction Scope: ok
Runtime instructions are explicit about extracting rules from user input, writing a rules file, passing the path to subagents, and requiring confirmations and rule-checks at progress points. Instructions do not ask the agent to read unrelated system files, access secrets, or call external endpoints. They do instruct creating and reading a local .task-rules directory and enforcing rule-locking; that local file I/O is expected given the skill's purpose.
Install Mechanism: ok
No install spec and no code files to execute are included in the package (instruction-only). This is low-risk: nothing will be downloaded or executed by an installer. The only metadata that looks executable is package.json, but the referenced scripts are not present.
Credentials: ok
The skill declares no required environment variables, credentials, or config paths beyond a local rules file. That matches its stated function. There are no suspicious secret-exfiltration indicators in the instructions.
Persistence & Privilege: note
The skill writes and expects a persistent local rules file (.task-rules/rules.md) and requires subagents to read it; this is consistent with its purpose but means the skill will create and persist files in the agent workspace. always is false and it does not request elevated or cross-skill configuration changes.