Skillv2.0.0

ClawScan security

Jiaoyifu Workplanning · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 16, 2026, 2:17 AM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only skill that coherently provides templates and a workflow for creating operational plans and legitimately instructs the agent to write/read module files as part of its job; nothing requested or described appears disproportionate to that purpose.
Guidance: This skill is coherent for producing multi-module planning documents, but it requires the agent to write and later read files in a directory you provide. Before installing/using: 1) confirm what directory you will allow the agent to use and avoid giving system/root paths; 2) be prepared to review the generated .md files and delete any temporary files if you don't want them retained; 3) be cautious about uploading internal references to external knowledge bases (Coze) if those contain sensitive data; 4) no credentials are requested by the skill itself, so any prompt asking for secrets would be unexpected — refuse and report it. If you want a lower-risk workflow, restrict the agent to a sandbox folder and verify outputs there.

Review Dimensions

Purpose & Capability: okName/description match the actual behavior: the skill is a planning/operations template and workflow. The requirement to persist per-module .md files and later read/merge them is consistent with the stated goal (avoiding context-window loss when assembling large plans). There are no unrelated environment variables, binaries, or external credentials requested.
Instruction Scope: noteSKILL.md explicitly instructs the agent to ask the user for a target directory and then Write, Glob, Read, and later Write the merged .md output. That file I/O is within scope for document production, but it does mean the agent will perform filesystem operations on paths the user provides. The instructions do not ask the agent to access system config, credentials, or other unrelated files, but if a user provides an unsafe directory path the agent could read/write unintended files.
Install Mechanism: okNo install spec — instruction-only — so nothing is downloaded or installed. This minimizes supply-chain risk.
Credentials: okNo environment variables, credentials, or config paths are required. The skill does mention optional uploading of reference files to a Coze knowledge base in documentation, but that is optional and not required by the runtime instructions.
Persistence & Privilege: noteThe skill intends to persist module files to disk (user-specified directory) and retain them by default unless the user chooses to delete them. always:false and normal autonomous invocation settings are used. Persisting files is coherent with the purpose, but users should be aware the agent will create and read files on disk in whatever directory they permit.