Skillv1.0.0

ClawScan security

Writing Assistant Pro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 8, 2026, 9:34 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's files, runtime instructions, and minimal scripts are consistent with a local writing-assistant and do not request unrelated credentials or perform obvious network/exfiltration actions.
Guidance: This skill is internally coherent for a writing assistant: the docs and scripts are consistent and the scripts only do safe, local file checks. Before running: (1) inspect scripts/startup.sh and verify.sh yourself (they are small and benign), (2) run them in a disposable or project-specific directory (not as root) to avoid accidental writes to sensitive locations, (3) be aware the agent will persist conversation/state to files in its folder (MEMORY.md, shared-context, logs), so avoid submitting secrets or private credentials into the assistant, and (4) since the skill's source/homepage is unknown, if you need stronger assurance, run it in an isolated environment (container or VM) and monitor network activity to confirm there are no hidden external calls.

Review Dimensions

Purpose & Capability: okName/description (professional writing assistant) matches the included files: identity, operations, knowledge, logs, and agent workflows for write/rewrite/headline/ideate. There are no unexpected binaries, cloud credentials, or unrelated service tokens required.
Instruction Scope: okSKILL.md tells the user/agent to run scripts/startup.sh and then interact via the agent triggers. The startup and verify scripts only perform local filesystem checks and print status; they do not read arbitrary system files, access environment variables, or send data externally. The docs reference templates and self-healing behavior conceptually, but the shipped scripts do not implement network fetches or rebuilds.
Install Mechanism: okNo install spec is provided (instruction-only). There are only two small shell scripts included; no package downloads, no archive extraction, and no external installers are referenced.
Credentials: okThe skill declares no required env vars, no credentials, and no config paths. The included files reference a working directory (and an example path in shared-context) but do not request secrets or unrelated cloud keys.
Persistence & Privilege: notePlatform flags are normal (always:false, agent-invocable, autonomous invocation allowed by default). Internally the role docs state the 'chief writer' is 'always active' as a behavior description — this is internal logic and not the platform-level always:true. The skill stores/updates local knowledge files (MEMORY.md, logs, shared-context) under its directory, which is expected for a local assistant but means user-provided content may be persisted to disk.