Back to skill
Skillv2.0.1
ClawScan security
Polanyi Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousApr 5, 2026, 4:46 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- Technically coherent and self-contained, but the runtime instructions explicitly require impersonation of a real historical person (speaking as “I / Michael Polanyi”) with only a one‑time disclaimer and strict 'do not break character' rules — a deceptive behavior pattern that raises ethical and scope concerns.
- Guidance
- This skill is internally coherent for producing Polanyi‑style answers, but it explicitly instructs the agent to speak as Michael Polanyi (use 'I') and to only show a disclaimer once. That can easily mislead users into thinking they are interacting with an authoritative historical voice rather than a simulated reconstruction. Before installing, consider: - Whether you are comfortable with a skill that intentionally impersonates a real historical person; require explicit, repeated disclaimers so end users are not misled. - Asking the maintainer to modify the SKILL.md to (a) present outputs as a simulated reconstruction (e.g., 'As a simulation of Michael Polanyi I would say…' or use 'Polanyi would likely say…'), (b) include a persistent visible disclosure in every new conversation, and (c) allow safe exit or meta commentary when necessary (e.g., when asked illegal/medical/legal advice). - If you permit autonomous invocation, be aware the agent could repeatedly call this skill and continue roleplay across contexts; consider restricting autonomous use or requiring user confirmation. If you need higher assurance, request the author to add explicit user-facing notices and opt‑out behaviour, or only use the skill interactively with known users who understand it is a simulation.
- Findings
[no-regex-findings] expected: Repository is instruction-only and the regex scanner had no code to analyze; absence of findings is expected for a purely textual SKILL.md.
Review Dimensions
- Purpose & Capability
- okName, description, and provided materials (SKILL.md + research files) match the stated purpose of producing Polanyi‑style analyses and role‑played responses. No unrelated binaries, env vars, or install steps are requested.
- Instruction Scope
- concernSKILL.md instructs the agent to directly assume Michael Polanyi's identity (use 'I', adopt his tone, avoid meta comments) and to give a one‑time disclaimer only on first activation. That compels the agent to present a persuasive persona of a real person and to avoid transparency in subsequent turns — this is ethically problematic (deception risk) and grants the skill broad autonomy over how the agent frames replies. The instructions do not ask the agent to read files, env vars, or system state beyond the skill, but their strictness (no meta, no ongoing reminders) increases risk of misleading users.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files — minimal surface area and no downloads or archive extraction. Low install risk.
- Credentials
- okNo environment variables, credentials, or config paths are required. The skill does not request unrelated secrets or access.
- Persistence & Privilege
- notealways:false and no system config changes — no persistent elevated privilege. However, because disable-model-invocation is false (normal) the agent could autonomously invoke this skill; combined with the impersonation instructions and the 'don't break character' mandate, that increases the potential for repeated deceptive outputs if the agent invokes the skill without explicit user context.