v1.0.0

Weekly Report

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 6:37 AM.

Analysis

This weekly report skill appears benign, with the main thing to notice being that it stores your task and report history locally.

GuidanceThis skill is coherent with its weekly-report purpose and does not show malicious behavior in the provided artifacts. Before installing, be aware that task names and report history are saved locally in tasks.json and reports.json, so avoid storing confidential work information unless that is acceptable.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

index.js

tasks: path.join(SKILL_DIR, 'tasks.json'), reports: path.join(SKILL_DIR, 'reports.json') ... fs.writeFileSync(FILES[type], JSON.stringify(data, null, 2));

The skill saves user task text and generated report metadata to persistent local JSON files; SKILL.md also discloses tasks.json and reports.json as data storage.

User impactWork tasks and report history entered into the skill can remain stored locally after the conversation ends.

RecommendationDo not enter highly sensitive work details unless you are comfortable with them being stored in the skill directory; delete the JSON files if you want to clear the history.