Back to skill
Skillv1.0.0
ClawScan security
Agent Daily Planner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 18, 2026, 9:52 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions, file reads/writes, and lack of external dependencies are consistent with a local daily planning/logger for an AI agent.
- Guidance
- This skill is internally consistent and low-risk: it only reads and writes files under your agent's memory (MEMORY.md, memory/projects.json, memory/YYYY-MM-DD.md). Before installing, confirm you are comfortable with the agent creating and updating files in that memory directory (they may contain private information). Because the skill is instruction-only with no external network calls or credentials, the main consideration is privacy of local memory contents and file permissions. If you share agent state with others or back it up to external services, review those practices accordingly. If you need provenance, note the source is 'unknown' and there's no homepage — if that matters for trust, request or verify a publisher repository before wide deployment.
Review Dimensions
- Purpose & Capability
- okName/description match the runtime instructions: generating daily/weekly plans, tracking shipped items and blockers, and persisting them to memory files. Nothing required by the skill (no env vars, no external binaries) is out of scope for a planner.
- Instruction Scope
- okSKILL.md explicitly reads/writes files in the agent memory area (MEMORY.md, memory/projects.json, memory/YYYY-MM-DD.md) and describes only planning-related operations (carry-forward, review, ship, block). These file accesses are coherent with the stated purpose; there are no instructions to access unrelated system paths, environment variables, or external endpoints.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files — lowest risk installation surface. Nothing is downloaded or written by an installer.
- Credentials
- okNo environment variables, credentials, or config paths are requested. The skill only declares use of local memory files (projects.json, MEMORY.md) which is proportionate to a planning/logging tool.
- Persistence & Privilege
- okalways:false and model invocation not disabled (normal). The skill writes/updates files under memory/, which is expected for persistent planning. It does not request system-wide privileges or modify other skills' configurations.