Skill v1.0.1
ClawScan security
Decision Recorder · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 13, 2026, 5:03 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's behavior (local decision storage and analysis) matches its description, but the packaged code and metadata contain multiple incoherences that make the package broken or at least poorly packaged; not obviously malicious, but suspicious and should be reviewed before use.
- Guidance: This skill appears to do what it says (local decision recording and analysis) and does not request secrets or network access, but the packaged code/metadata contain multiple inconsistencies (incorrect package.json entries, mismatched file paths, possible broken require() calls). Before installing or running globally:
  1. Inspect the files locally and verify or fix package.json 'main' and 'bin' fields to point to the correct files.
  2. Run the CLI in a sandbox or throwaway account and test create/list/search operations.
  3. Confirm the CLI's require paths (bin/cli.js expecting './index') and ensure src/index.js is importable (or add a root index.js).
  4. Back up any existing ~/.decision-recorder data and check file permissions.
  5. If you cannot or do not want to edit code, avoid installing globally and prefer running the scripts directly from a controlled directory.
  The inconsistencies look like sloppy packaging rather than malicious intent, but treat the package as untrusted until you validate and, if necessary, correct it.
Review Dimensions
- Purpose & Capability: ok. Name/description (record, search, analyze decisions) align with the code and SKILL.md: data is stored locally under ~/.decision-recorder and operations are local CRUD and analysis. No unexpected services, credentials, or network calls are requested.
- Instruction Scope: ok. SKILL.md instructions restrict operations to local JSON files and to Node.js usage; they do not instruct reading unrelated system files, sending data externally, or requiring extra credentials. Programmatic and CLI usages described match the intended local scope.
- Install Mechanism: concern. There is no explicit install spec (instruction-only), but a package.json and code files are included. The package metadata and file layout are inconsistent: package.json 'bin' entry points to './bin/decision-recorder' which does not exist (actual file is bin/cli.js), 'main' is 'index.js' but the project places index at src/index.js, and registry metadata version differs from package.json version. Several require() paths in the code also appear mismatched (bin/cli.js requires './index' relative to bin/, but index lives in src/). These inconsistencies mean the package may be nonfunctional as distributed and could require manual fixes to run.
- Credentials: ok. The skill requests no environment variables, binaries, or credentials. Data is stored in the user's home directory (~/.decision-recorder), which is proportionate to the claimed function. There are no unexpected requests for secrets or unrelated service tokens.
- Persistence & Privilege: ok. The skill does not declare always:true and does not request elevated system privileges. It stores its own data under ~/.decision-recorder only. There is no evidence it tries to modify other skills or system-wide configurations.
