Skillv1.0.0

ClawScan security

ChatGPT · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 7, 2026, 3:32 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only ChatGPT workflow skill that is internally consistent: it stores small local workflow files under ~/chatgpt/, requests no credentials or external installs, and its instructions align with the described purpose.
Guidance: This skill appears coherent and low-risk, but note these practical points before installing: - It will create and read files under ~/chatgpt/ to store activation preferences, workflows, projects, and QA notes. Review those files (setup.md and memory-template.md) before allowing persistent storage. - The skill explicitly says not to store secrets. Do not paste API keys, passwords, or other sensitive secrets into ChatGPT prompts or the local notes unless you intentionally create a safe, encrypted note. - Because it is instruction-only, there is no code being installed, so the main risk is local data retention. If you prefer no local persistence, decline activation or remove ~/chatgpt/ after each use. - If you see any unexpected requests for credentials, external endpoints, or automated browser/file uploads during use, stop and revoke the skill—those would be out of scope. What would change this assessment: discovery of hidden code files, remote install hooks, requests for unrelated credentials, or instructions to upload local data to external endpoints would make the skill suspicious or worse.

Purpose & Capability: okThe name/description (improving ChatGPT prompts, projects, memory hygiene, and QA) matches the SKILL.md content. The skill requires no binaries, no env vars, and no external installs—these are proportionate for a prompt/workflow helper.
Instruction Scope: noteRuntime instructions direct the agent to read and maintain files under ~/chatgpt/ (memory, workflows, projects, QA). This is consistent with the stated purpose, but it does grant the skill the ability to create and update files in the user's home directory; the SKILL.md explicitly advises not to store secrets.
Install Mechanism: okNo install spec or code files are present. Instruction-only skills have lower install risk because nothing is downloaded or executed on install.
Credentials: okThe skill requests no environment variables, credentials, or config paths beyond a user-local directory (~/chatgpt/). The declared data retention policy in SKILL.md limits stored content to workflow preferences and explicitly disallows storing secrets unless the user opts in.
Persistence & Privilege: okalways:false and autonomous invocation are default. The only persistent effect is writing/reading files under ~/chatgpt/ (its own workspace). It does not request system-wide changes or access to other skills' configs.