Skill v0.2.11
ClawScan security
Agent Travel · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Apr 24, 2026, 2:16 AM)
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's manifest, instructions, and included scripts are internally consistent with a background 'quiet-window' research helper that requires Python and relies on the host to perform web/search actions; nothing requested or installed is disproportionate to that purpose.
- Guidance: This package appears coherent and well-scoped, but you should still:
  1. Review the actual Python scripts (e.g., scripts/plan_travel.py, scripts/should_travel.py, scripts/validate_suggestions.py) for any unexpected network calls or file-system access before running them.
  2. Confirm your host enforces the SKILL.md rules (redaction, advisory-only output, no writing to core/system prompts or permanent memory).
  3. Note that disable-model-invocation: true means the host/scheduler must call the skill (it won't be invoked autonomously by the LLM), so ensure your platform supports the intended integration.
  4. Run the included tests (community_smoke_test.py) in a sandboxed environment to verify behavior before enabling in production.
Review Dimensions
- Purpose & Capability: ok. Name/description match the delivered artifacts: the repo contains trigger/plan/validator scripts and documentation for a host-driven background research flow. Requiring python/python3 is appropriate for the included Python scripts; no unrelated credentials, binaries, or config paths are requested.
- Instruction Scope: ok. SKILL.md bounds runtime behavior: build a redacted fingerprint, prefer public-first search, redact secrets, do dry-run planning locally (plan_travel.py claims no network), require cross-validation, and write advisory-only hints to an isolated suggestion channel. The instructions explicitly forbid adding results to system prompts or permanent memory and require redaction before any search.
- Install Mechanism: ok. No install spec is provided (instruction-only skill). The package includes Python scripts and test fixtures but does not declare downloads or post-install steps. This is low-risk relative to other install mechanisms; the host will need to run the included scripts.
- Credentials: ok. No environment variables or external credentials are requested. The skill's operational needs (local Python scripts, reading provided JSON state fixtures) align with this. SKILL.md also emphasizes redaction and opt-in usage for private/internal sources.
- Persistence & Privilege: ok. The skill does not request always: true and does not declare model invocation capability (disable-model-invocation: true), so it cannot be autonomously invoked by the model in-band; this matches the design where the host (scheduler/heartbeat) should call it. It does write structured suggestions to an isolated suggestion channel per its contract, which is intended and scoped to the active conversation only.
