Skill v1.0.0
ClawScan security
Discover · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 16, 2026, 10:22 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's actions (creating a ~/discover workspace, keeping a local watchlist, and optionally adding small AGENTS/HEARTBEAT snippets) are consistent with its stated discovery purpose and do not request unrelated credentials or network access.
- Guidance: This skill appears coherent and low-risk but will create and manage files in ~/discover/ and can add small AGENTS/HEARTBEAT snippets to your workspace if you approve. Before enabling: (1) confirm the agent asks for explicit permission to enable heartbeat or write to workspace files, (2) review the created files (memory, watchlist, findings) and their contents, (3) back up any AGENTS.md or HEARTBEAT.md you allow modified, and (4) never allow it to store secrets or enable third-party connectors without explicit review. If you want no persistent local state, do not approve the setup steps that create ~/discover/ or enable heartbeat.
Review Dimensions
- Purpose & Capability (ok): Name/description match the requested actions: maintaining durable watchlists, novelty rules, and heartbeat-backed logs. The skill only needs local files and workspace routing to provide that functionality; no unrelated permissions, binaries, or credentials are requested.
- Instruction Scope (ok): Runtime instructions read and write files under ~/discover/, and suggest adding small blocks to workspace AGENTS.md and HEARTBEAT.md only with explicit approval. Creating and updating local metadata, findings, and heartbeat state is coherent with the discovery goal. The SKILL.md repeatedly instructs the agent to ask before enabling recurring heartbeat or contacting third parties.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files — nothing is downloaded or executed from external sources. Risk from the install mechanism is minimal.
- Credentials (ok): The skill declares no required environment variables, no credentials, and no remote endpoints. It explicitly warns not to store secrets and to ask before using paid tools or contacting third parties, which is proportionate to the stated purpose.
- Persistence & Privilege (note): The skill persists state under ~/discover/ and proposes small edits to workspace AGENTS.md / HEARTBEAT.md with user approval. It does not force-enable itself (always:false). Users should be aware this creates durable local files and may add recurring behavior if they explicitly approve heartbeat.
