Skill v1.0.0

ClawScan security

Session-logs · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 8:53 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements and instructions are coherent with its stated purpose (searching local session JSONL logs with jq and ripgrep) and do not request unrelated credentials or installs.
Guidance
This skill is coherent: it only reads local session log files and uses jq/rg to search/analyze them. Before installing, confirm you are comfortable letting the agent access files under ~/.clawdbot/agents/<agentId>/sessions/ (these contain your conversation history and may include sensitive content). Ensure jq and ripgrep (rg) are installed and available on PATH. If you want to limit access, only invoke the skill when you explicitly request it rather than allowing autonomous use.

Review Dimensions

Purpose & Capability
ok
Name/description match the runtime instructions: the skill only needs to read session JSONL files and uses jq and rg to search and summarize them. Requiring jq and rg is proportionate to the stated functionality.
Instruction Scope
ok
SKILL.md explicitly instructs reading files under ~/.clawdbot/agents/<agentId>/sessions/ and running jq/rg commands to extract messages, costs, and metadata. It does not instruct contacting external endpoints or accessing unrelated system data. The one minor note is the guidance to use the agent=<id> value from the system prompt's Runtime line — ensure the agent uses the correct agentId and only accesses directories the user intends.
Install Mechanism
ok
No install spec or code is provided; the skill is instruction-only and relies on existing jq and rg binaries. This has low installation risk.
Credentials
ok
No environment variables, credentials, or config paths are requested. The filesystem path referenced is consistent with the skill's purpose (reading session logs).
Persistence & Privilege
ok
always is false and the skill does not request persistent/system-wide changes or elevated privileges. Autonomous invocation is allowed (platform default) but not accompanied by other concerning privileges.