Skill v1.0.0

ClawScan security

Self Improving Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 12, 2026, 10:04 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's description and instructions match its behavior (local practice logging), but the provided shell script lacks input validation and can write arbitrary files based on the skill name, which is a safety risk.
Guidance
This skill is coherent with its stated purpose and appears only to write local practice logs, but exercise caution before running the included script. The quick-log.sh script does not sanitize the SKILL_NAME argument, so a crafted name (e.g., one containing '../' or other special characters) could cause the script to create or append to files outside the intended .learnings/skills directory. Before using: (1) review the script source yourself; (2) only run it in a directory you control and not as a privileged user; (3) avoid passing untrusted input as SKILL_NAME (use simple alphanumeric names); (4) consider patching the script to validate/sanitize SKILL_NAME (e.g., allow only [A-Za-z0-9_-] and reject slashes), or quote/normalize the path with realpath checks; (5) note that the _meta.json dependency 'self-improving-agent' may be informational only; confirm whether your environment will try to install or run anything else. If you wish, I can provide a safer version of quick-log.sh that sanitizes the filename.

Review Dimensions

Purpose & Capability
ok · Name, description, and SKILL.md describe a local practice-tracking/logging helper; the files and script are consistent with that purpose. No network, cloud, or unrelated capabilities are requested.
Instruction Scope
concern · The SKILL.md instructs the agent to append logs under '.learnings/skills', which is appropriate for a logging tool. However, the included scripts/quick-log.sh uses the unsanitized SKILL_NAME variable when constructing the output path, allowing path traversal or creation/modification of arbitrary files if a malicious or malformed skill name is supplied.
Install Mechanism
ok · No install spec is present (instruction-only plus a small script). Nothing is downloaded or extracted from external URLs.
Credentials
ok · No environment variables, credentials, or unrelated config paths are requested. The skill operates on local files only.
Persistence & Privilege
ok · always:false and normal agent invocation settings. The skill does not request permanent system-wide privileges or modify other skills' configs.