Skill v1.0.0

ClawScan security

Daily and weekly reports (daily-report and weekly-report) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Apr 5, 2026, 2:45 PM)

Verdict: Benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill is internally consistent with its stated purpose (generating daily/weekly reports by scanning git history and TODOs), but its runtime instructions will recursively read repository and filesystem content without safeguards — review scope and outputs before sharing.
Guidance
This skill appears to do what it says (collect git commits, TODOs, and generate a Markdown report). Before installing or letting it run autonomously:

- Run it from the intended project root, not from your home directory or a workspace containing multiple unrelated repos, to avoid accidental scanning of unrelated files.
- Prefer running the skill on a cloned copy of the repository or in a temporary test directory if you are concerned about sensitive data.
- Review the generated report before sharing externally — commit messages, TODOs or files can contain tokens, credentials, or private information.
- If you want to reduce risk, modify the workflow to explicitly pass the repository path or restrict find/grep to specific subdirectories and add exclusions for node_modules, build, vendor, .env, or other sensitive paths.
- If you are uneasy about autonomous invocation, disable automatic invocation for this skill (or require explicit user invocation) so it cannot run without your prompt.

If you want, I can suggest concrete grep/find command variants that exclude common sensitive paths or a wrapper that runs the skill safely against a single, specified repo path.

Review Dimensions

Purpose & Capability
ok: The name/description say it analyzes git commits, TODO comments and task files to build reports. The SKILL.md instructs use of git, grep and find to gather that data. There are no unrelated environment variables, binaries, or config paths requested — the requested capabilities match the stated purpose.
Instruction Scope
note: The instructions explicitly run git log, grep -r and find starting at the current working directory and also include an option to scan multiple repositories. That behavior is required to collect commits and TODOs, but the instructions place no bounds on search scope or exclusions (e.g., limiting to a project root or excluding home, vendor, build, or secrets files). As written, running the skill from a broad path could read files unrelated to the project and surface sensitive content.
Install Mechanism
ok: There is no installation step (instruction-only skill). A small test script is included to initialize a local git repo for testing. No downloads or archive extraction are present, so disk-write/execution risk is minimal and transparent.
Credentials
ok: The skill requires no environment variables, credentials, or special config paths. It does, however, read local repository contents and files (git logs, TODO files), which is consistent with its function but means local secrets present in code or files could appear in generated reports even though no secrets are explicitly requested.
Persistence & Privilege
note: The skill does not request always:true or any elevated platform privileges and does not modify other skill configs. However, the platform-default ability for the agent to invoke the skill autonomously combined with the skill's filesystem-scanning instructions increases the potential blast radius (it could run and collect local content if automatically triggered). This is not inherently malicious, but consider limiting autonomous invocation if you have sensitive repositories on the same host.