Skill v1.0.0

ClawScan security

Agentic Loop Designer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 7, 2026, 10:43 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill is a design-first guide for building autonomous loops (templates and decision trees) but it claims to 'deploy' loops while having no install mechanism, no code, and no declared credentials — that mismatch is concerning and deserves clarification before use.
Guidance
This appears to be a design/template guide for building agent loops, not an automated deployer. Before installing or relying on it:
1) Clarify with the author whether the skill will ever ask for runtime credentials or perform deployments — right now it requests none.
2) If you plan to turn templates into running automations, do not hand over high-privilege tokens; create scoped tokens (least privilege) for Slack/GitHub/Notion and test in a sandbox workspace.
3) Because the source is unknown and there is no homepage, be cautious: prefer skills from verified publishers or request the implementation details and code.
4) If you expect the skill to actually execute actions, require an explicit install/runtime that documents what it will store, where credentials go, and what network calls it makes.
5) If you proceed, review any generated automation prompts and approval gates before enabling auto-run to avoid unwanted irreversible actions.
Findings
[no_code_files] expected: The regex scanner found nothing because this is an instruction-only skill (SKILL.md only). That is consistent with a design/template skill, but inconsistent with the claim of deployment capability.

Review Dimensions

Purpose & Capability
concern
The description promises design AND deployment of autonomous agent loops that integrate with services like Slack, GitHub, Linear, Notion, and email. However, the package is instruction-only (no code, no install) and declares no required environment variables or credentials. If the skill truly deploys or triggers external services it would need tokens/keys and an install/runtime — the SKILL.md instead reads like a template/consultant guide. This is an internal inconsistency: 'deploy' capability is not supported by what the skill requests or installs.
Instruction Scope
note
The SKILL.md stays within a design scope: it gives templates, trigger types, gate formats, and example configs including POST to Slack and file-based memory examples. It does not instruct the agent to read arbitrary system files or to automatically fetch secrets. That makes the runtime instructions themselves fairly scoped, but they reference external APIs and operations that would require additional implementation and credentials which are not part of the skill.
Install Mechanism
ok
There is no install spec and no code files. From an install-risk perspective this is low-risk because nothing is written to disk or downloaded by the skill package. The tradeoff is that no automated deployment capability is actually provided by the skill.
Credentials
concern
The templates explicitly reference services that normally require API tokens (Slack bot tokens, GitHub/Linear/Notion API keys, SMTP/SendGrid credentials). Yet the skill declares zero required environment variables and no primary credential. If a user expects the skill to perform live integrations, the absence of any declared credential needs explanation. This could be benign (design-only), but it is disproportionate relative to claimed deployment functionality.
Persistence & Privilege
ok
The skill does not request persistent installation (always:false) and does not attempt to modify agent or system configs. Provided memory examples are user-implementation suggestions (file-based JSON) rather than actions performed by the skill package itself.