Skillv1.0.0

ClawScan security

Agent Spawner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 19, 2026, 8:57 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's files, runtime instructions, and requested resources are consistent with a multi-agent orchestration tool and do not request unrelated credentials or install arbitrary code.
Guidance: This skill appears coherent for orchestrating parallel sub-agents, but consider the following before installing: 1) Ensure your platform enforces per-subagent permissions — spawned agents may read and modify the parent workspace (the docs show applying patches and running tests). 2) Use the recommended timeoutSeconds and limit nesting to avoid runaway or expensive multi-agent runs. 3) Verify that sub-agents cannot access secrets or external network endpoints you don't want shared (restrict model/tool access per subagent). 4) Be aware the included planner script is a simple local analyzer (no network), but it has some minor heuristics/bugs (e.g., crude word-counting for competitors and a simple dependency heuristic); treat its output as a suggestion and review spawn plans before executing. If you need stronger guarantees about safety or data handling, ask for explicit platform-level sandboxing and access controls for spawned sessions.

Review Dimensions

Purpose & Capability: okThe name/description (spawn parallel agents, synthesize results) match the SKILL.md and included planner script. The skill only references platform session primitives (sessions_spawn, sessions_yield, sessions_history, subagents) which are expected for an orchestrator; no unrelated environment variables, binaries, or external services are required.
Instruction Scope: noteSKILL.md gives concrete, scoped instructions for decomposing tasks, spawning sub-agents, collecting outputs, and synthesizing results. It explicitly recommends timeouts and one-level deep spawning. The docs and examples include actions like 'apply patches' and 'run tests' — these legitimately imply sub-agents will read/modify repository files in the parent workspace, which is coherent for build/test workflows but increases risk (unintended modifications or data exposure) if the platform's permissions are broad. The instructions do not direct reading of unrelated files or exfiltration to external endpoints.
Install Mechanism: okThis is instruction-only with a small helper script included; there is no install spec, no downloads, and no archive extraction. The included Python script is local and readable; nothing is pulled from external URLs at install time.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. The SKILL.md and script likewise do not reference secrets or external tokens. Model names in the plan are placeholders (e.g., 'cheapest', 'capable_coding') but do not imply additional credentials are needed by the skill itself.
Persistence & Privilege: okalways is false and the skill is user-invocable; autonomous invocation (disable-model-invocation false) is the platform default and not by itself a concern. The skill does instruct spawning subagents (its purpose), but it does not request permanent presence or modification of other skills or global agent settings.