Skill v1.0.0

ClawScan security

Personal Ideas · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 18, 2026, 11:10 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's behavior (reading/updating a workspace ideas file and using chat history to capture and develop ideas) matches its description and asks for no external credentials or installs; the only minor issue is it references a workspace file without declaring it in the manifest.
Guidance
This skill appears to do what it says: it will read chat history and read/update knowledge/personal/ideas.md in the agent workspace to capture and develop ideas. Before installing, confirm you are comfortable with the agent persisting all captured text (the SKILL.md explicitly says to 'record EVERYTHING') — it may store sensitive remarks unless you limit what you share or instruct the skill not to record certain content. Also note the manifest does not list the knowledge/personal/ideas.md path even though the runtime instructions require it; you may want the publisher to declare that config path explicitly. There are no external network calls or credential requests in the skill, which reduces risk, but ensure your agent workspace is private if you plan to store personal or sensitive ideas.

Review Dimensions

Purpose & Capability
note: The name/description (idea capture and brainstorming) aligns with the instructions to read, index, and append ideas to a local knowledge file; however the SKILL.md explicitly requires reading/updating knowledge/personal/ideas.md while the registry metadata lists no required config paths — a small manifest mismatch.
Instruction Scope
note: Instructions are narrowly scoped to reading the agent's chat history and a local file and to storing new ideas. This is appropriate for the stated purpose, but the rule 'Записывать ВСЁ' (record everything) can cause the skill to persist sensitive user utterances unless the user or operator restricts what gets stored.
Install Mechanism
ok: No install spec and no code files (instruction-only) — lowest-risk footprint; nothing is downloaded or written by an installer.
Credentials
ok: The skill requires no environment variables or external credentials, which is proportionate. It does access a workspace file (knowledge/personal/ideas.md) — expected for local memory but not declared in manifest.
Persistence & Privilege
ok: always:false and no elevated privileges; the skill persists ideas to a local workspace file (its expected behavior) and does not request system-wide changes or cross-skill configuration.