Decision Recorder
Security checks across malware telemetry and agentic risk
Overview
This is mostly a local decision log, but review is advised because crafted decision IDs could make its code access or delete JSON files outside its intended storage folder.
Install only if you are comfortable with a local plain-JSON decision log. Do not store secrets in decisions, verify the CLI packaging before use, and avoid passing custom IDs containing slashes or '..' until the path validation issue is fixed.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted ID containing path traversal such as '../' could read, overwrite, or delete JSON files outside the decision-recorder folder if the command or API is invoked that way.
The ID is used directly in file paths for view/update/delete operations without validation or a check that the resolved path remains inside ~/.decision-recorder.
```javascript
// id comes straight from the CLI/API argument; no format check, no containment check
const filePath = path.join(DECISION_DIR, `${id}.json`);
...
fs.unlinkSync(filePath);
```
Validate IDs against the generated ID format, reject path separators and '..', and verify the resolved path starts with the intended storage directory before reading, writing, or deleting.
The documented command may not run as packaged, which could lead users or agents to troubleshoot with unreviewed changes or alternate installation paths.
The provided file manifest includes src/index.js and bin/cli.js, but not index.js or bin/decision-recorder, so the package entry points appear inconsistent with the included files.
```json
{
  "main": "index.js",
  "bin": {
    "decision-recorder": "./bin/decision-recorder"
  }
}
```
Fix the package entry points or provide a clear install/run specification before relying on the CLI.
Recorded decisions can persist on disk and may include sensitive rationale or planning information.
The skill intentionally creates persistent local records that may contain personal, team, product, or technical decision context.
Decision records are stored under:
```bash
~/.decision-recorder/
```
Each decision is stored as a JSON file.
Avoid storing secrets or highly confidential material, and periodically review or delete records that should no longer be retained.
