Back to skill
Skillv1.0.0
ClawScan security
Life Capture · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 10, 2026, 12:38 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, runtime instructions, and required access are consistent with its stated purpose of parsing personal life notes and saving them to local markdown files and a local sqlite DB.
- Guidance
- This skill appears coherent and local-only, but you should still: (1) review the included scripts (they will execute on your machine) before running to ensure you trust the author; (2) confirm the storage root (default 'life/') is where you want personal data saved and that file permissions are appropriate; (3) back up any existing life/db/life.db or daily notes if you care about preexisting data (the save logic upserts and will replace entries with matching IDs); (4) if you plan to edit parsing behavior, edit references/parser_config.json and test with parse_entries.py before writing; and (5) avoid running these scripts with elevated privileges — they only need normal filesystem access.
Review Dimensions
- Purpose & Capability
- okName/description match the actual behavior: parsing natural-language life logs, generating IDs/tags/markdown and syncing to a local sqlite DB. All declared files and scripts (parse, save, init, config) are necessary for that purpose.
- Instruction Scope
- okSKILL.md directs the agent to parse text and run local scripts; those scripts only read local config (references/parser_config.json), write under the declared life/ paths, and update the sqlite DB. The instructions do not ask the agent to read unrelated system files, environment variables, or send data to external endpoints.
- Install Mechanism
- okThere is no install spec or external download. The skill is delivered as local Python scripts and JSON configuration — nothing is fetched from remote hosts during normal operation.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. The code operates on local files and a local sqlite DB only; no external credentials or network calls are present.
- Persistence & Privilege
- okThe skill is not always-enabled and does not modify other skills or system-wide settings. It will create and write under the specified life/ directories and the sqlite DB, which is appropriate for its stated purpose.