Skill v1.0.0

ClawScan security

Context Budget Optimizer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 7, 2026, 10:43 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only audit/playbook for reducing context token waste, and its requested footprint (no installs, no credentials) aligns with that purpose. However, it expects the agent to read and potentially modify internal context files, so operators should take normal precautions.
Guidance
This skill is a textual audit and reduction playbook and is internally consistent with its purpose, but it expects the agent to read and (potentially) modify system prompts, skill files, and memory files. Before using: (1) review the full SKILL.md yourself (the provided excerpt is long and may contain additional implementation steps); (2) back up SOUL.md, MEMORY.md and any other files the agent might change; (3) run the audit in read-only or dry-run mode first (take notes and accept changes manually); (4) restrict the agent's ability to perform automatic deletions or edits until you confirm results; and (5) verify the skill source and price before purchase. There are no credential-exfiltration indicators in the package, but because it operates on internal config and memory, follow standard precautions (backups, limited write permissions, manual approval for destructive changes).

Review Dimensions

Purpose & Capability
ok
Name and description match the SKILL.md content: the document is a token-usage audit and reduction playbook. It does not request binaries, credentials, or unusual installs that would be inconsistent with an auditing/optimization tool.
Instruction Scope
note
The instructions explicitly tell the agent to inventory and score system prompts, SOUL.md, MEMORY.md, skill files, chat history, project files, and to create/modify artifacts like a SKILL-INDEX.md and FOCUS.md. That scope is coherent with the stated purpose (you must inspect and change context artifacts to reduce tokens) but it does require read/write access to many agent-internal files, so operators should expect the skill to touch sensitive configuration and memory files if executed.
Install Mechanism
ok
No install spec and no code files are present (instruction-only). This is the lowest-risk install mechanism and is proportionate for a playbook-style skill.
Credentials
ok
The skill requests no environment variables, credentials, or config paths. The guidance references models and token costs but does not require secrets or external API keys, which is proportionate to its goal.
Persistence & Privilege
note
The skill is not always-included and is user-invocable (normal). However, its guidance includes steps that modify system prompts, skill indices, and archive/delete memory entries. Those actions require agent permissions to edit internal files; this is reasonable for a context optimizer but increases the impact of any mistakes or unintended automation.