Skill v0.3.2

ClawScan security

Task Ledger · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 9, 2026, 6:59 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files, runtime instructions, and requested resources are coherent with its stated purpose as a local, filesystem-backed durable task toolkit and do not request unrelated credentials or network installs.
Guidance
This toolkit appears coherent and local-only: it creates and updates task JSON files and log/output directories under your workspace and uses python3/bash. Before installing or running it, review the bundled scripts and templates to confirm the file paths are acceptable for your workspace and that you are happy with local disk writes to tasks/, logs/, and outputs/. The skill does not request secrets or perform network downloads, but standard caution applies: do not install into a workspace containing sensitive production files without backing them up, and confirm any task actions that perform external side effects (deploy/restart) before executing.

Review Dimensions

Purpose & Capability
ok: Name/description match the actual artifacts: a filesystem-backed toolkit for durable task objects. Required binaries (python3, bash) are appropriate for the included scripts. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
ok: SKILL.md stays within scope: it instructs copying bundled toolkit files into the workspace, creating tasks/logs/outputs directories, and using the provided scripts to manage task JSONs. The scripts only read/write local workspace files and do not attempt to read unrelated system config or environment secrets. The instructions caution not to overwrite user-modified files and to confirm plans with the user.
Install Mechanism
ok: There is no external install-from-URL. An included install.sh copies bundled files into the workspace only if missing. No external downloads, package manager installs, or archive extraction are performed.
Credentials
ok: The skill requires no environment variables or credentials. The scripts operate on workspace directories (tasks/, logs/, outputs/) and only store/modify JSON task files and logs; they do not access or exfiltrate secrets, network endpoints, or unrelated system credentials.
Persistence & Privilege
ok: always is false and the skill is user-invocable. The toolkit writes files only under the workspace (tasks/, logs/, outputs/, scripts/, task-templates/) and does not modify other skills or system-wide agent settings.