ClawHub
Back to skill
v1.0.0

Feedback Loop

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 6:58 AM.

Analysis

Feedback Loop appears to be a local feedback analytics CLI with no evidenced exfiltration or destructive behavior, but it persists feedback/session analytics and ships with sample data users should manage.

GuidanceBefore installing, clear the bundled data files if you want a clean history, avoid entering secrets in feedback comments or context, and only enable implicit or automatic collection when users know their interaction metrics will be stored.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
隐式反馈:从交互模式自动检测... "sessionId"... "metrics"... "context"... 数据存储在 `data/` 目录下

The skill is designed to persist explicit comments plus inferred interaction signals, metrics, and context for later analysis.

User impactFeedback comments or session context may contain private information and will remain in local JSON files for reuse in later analyses and reports.
RecommendationAvoid putting secrets or sensitive personal details in feedback/context fields, and define a retention or cleanup practice for the data directory.
Memory and Context Poisoning
SeverityInfoConfidenceHighStatusNote
data/feedback.json
"sessionId": "test_session_1", "rating": 5, "comment": "Great response!", "category": "accuracy"

The package includes pre-existing feedback records in its data directory rather than starting with an empty feedback history.

User impactInitial stats, suggestions, or reports may be influenced by bundled sample/test feedback until the user clears or replaces the data files.
RecommendationClear the bundled data files before first real use if you want analyses to reflect only your own feedback.