Skill v0.1.0

ClawScan security

Acp Loop · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 11, 2026, 8:54 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions, required artifacts, and stated purpose are internally consistent: it documents installing an npm CLI for scheduling prompts and does not request extra credentials or system access — but it relies on an external npm package you should review before installing.
Guidance
This skill is coherent with its stated purpose, but it directs you to install and run an external npm package (acp-loop) that will execute on your machine. Before installing or running it: (1) inspect the npm package page and GitHub repo (source code, maintainers, recent activity, issues); (2) prefer not to run global installs on sensitive hosts—consider a container or VM; (3) verify what the CLI will access (local logs, files, network) and whether it requires agent credentials or other secrets; (4) if you plan to allow autonomous scheduled runs, restrict the agent's scope and monitor its outputs. If you want higher assurance, request the package's repository and installation checksum or run it in an isolated environment first.
Findings
[regex-none] expected: No code files were present for the scanner to analyze. This is expected because the skill is instruction-only and points users to an external npm package/GitHub repository.

Review Dimensions

Purpose & Capability
ok: The name/description (recurring prompt scheduler) matches the SKILL.md content. The CLI-based usage and options are coherent for scheduling tasks (intervals, cron, agent selection). Requiring an npm package to provide the CLI is proportionate to the stated purpose.
Instruction Scope
note: SKILL.md only instructs users to install and run the acp-loop CLI and shows examples of scheduled prompts. It does not instruct the agent to read unrelated files or environment variables. However some examples (e.g., "check logs for errors") imply access to local logs or system state — the skill does not specify how that access is obtained, or whether the CLI will read local files or require additional permissions, which is an ambiguity worth clarifying.
Install Mechanism
note: This is an instruction-only skill with no registry install spec, but the documentation points to installing via npm and links to GitHub/npm — both common, traceable sources. Because the actual code is external (npm package / GitHub repo), users should review that package before running a global install. No unusual or opaque download URLs are present in the SKILL.md.
Credentials
ok: The skill declares no required environment variables or credentials, which is consistent with the documentation. One caveat: selecting external agents (claude, gemini-cli, etc.) may in practice require credentials or CLIs on the host; those needs are not declared here and should be verified before use.
Persistence & Privilege
ok: The skill does not request always: true and does not ask to modify other skills or system-wide settings. Autonomous invocation (disable-model-invocation: false) is normal for skills and is not in itself concerning here.