Skillv1.0.0

ClawScan security

Morning Pages Facilitator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 15, 2026, 1:01 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code and runtime instructions are consistent with a guided morning-writing facilitator: it runs locally on the skill files, requires no credentials or installs, and does not contact external services or read unrelated system state.
Guidance: This skill appears coherent and low-risk: it runs locally, needs no secrets, and only formats guided prompts. Before installing, note that anything you type into a conversation may be stored by the host agent/platform — avoid pasting highly sensitive personal data. Also review future updates: watch for added install steps, required env vars, network calls, or an 'always: true' flag, which would change the risk profile.

Purpose & Capability: okName/description match the implementation: handler.py produces constrained writing prompts, sets a time/page container, and offers anti-stall cues. No unrelated credentials, binaries, or system access are requested.
Instruction Scope: okSKILL.md instructs the agent to guide free-writing and not to create/sync documents. The handler follows those instructions and only reads the local SKILL.md for its metadata; it does not read other files or environment variables or transmit user content.
Install Mechanism: okNo install spec is provided (instruction-only skill). There are local Python files but nothing in the package attempts to download or install external code.
Credentials: okThe skill requests no environment variables, credentials, or config paths. Its input handling operates on provided inputs only; there are no hidden credential accesses.
Persistence & Privilege: okDefaults are used (not always:true). The skill does not modify other skills or system-wide settings and does not request permanent presence or elevated privileges.