Skillv1.0.0

ClawScan security

Chat Rooom · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 6, 2026, 11:39 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's files and runtime instructions are internally consistent: it only reads and writes local workspace and home-folder files to implement a local chat-room coordination workflow and does not request external credentials or network installs.
Guidance: This skill appears to do only local coordination: it will create and update .chat-rooom/ in the current repo and ~/chat-rooom/ in your home. Before installing, consider: (1) these room files will persist on disk—add them to .gitignore if you don't want them committed; (2) avoid putting secrets or tokens in room logs (the skill itself advises against this); (3) the agent will read workspace files to follow claims/links—only enable the skill in repositories you trust; (4) the skill may suggest installing related skills (via clawhub) — review those separately. Overall the behavior matches the description and no external network installs or credential requests are present.

Purpose & Capability: okName/description (local chat rooms, channels, claims, summaries) match the declared requirements and instructions. No unrelated credentials, binaries, or services are requested.
Instruction Scope: okSKILL.md only instructs the agent to create, read, append, and rename files under the active workspace (./.chat-rooom/) and the user's home (~/chat-rooom/). This behavior is consistent with the stated purpose (local coordination). The instructions avoid external endpoints and explicitly say not to store secrets.
Install Mechanism: okInstruction-only skill with no install spec and no code files. Nothing is downloaded or written by an installer; the risk surface is limited to file reads/writes performed at runtime.
Credentials: okNo environment variables, credentials, or config paths beyond the declared ~/chat-rooom/ are required. The requested access (workspace and a single home folder path) is proportional to the feature set.
Persistence & Privilege: okThe skill writes local files for persistence in ~/chat-rooom/ and .chat-rooom/ in the workspace, which is appropriate for durable room logs. always is false and the skill does not request elevated or cross-skill configuration changes.