Skillv1.0.0

ClawScan security

Family · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 6, 2026, 8:52 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's requests and instructions are coherent with its stated purpose: it is an instruction-only family coordination system that stores local files under ~/family/ and asks for confirmation before writing.
Guidance: This skill appears to do what it says: it manages household coordination and keeps local files in ~/family/ after asking. Before installing or enabling it: 1) Confirm the agent actually prompts you before creating or updating ~/family/ as the SKILL.md promises. 2) Consider disk security — store sensitive health/legal details only if you trust the device (use disk encryption and backups you control). 3) Limit activation scope in the initial setup (e.g., enable only on explicit requests or for specific members) to avoid accidental sharing. 4) Periodically inspect ~/family/ and file permissions; remove or redact sensitive entries you do not want persisted. 5) If you ever see network calls, requests for credentials, or writes outside ~/family/, treat that as a red flag and disable the skill.

Review Dimensions

Purpose & Capability: okName/description (household coordination, schedules, care, privacy) match the skill contents. The skill declares and uses a local family folder (~/family/) for memory and templates — this is expected for a local continuity family ops system. No unrelated credentials, binaries, or external services are requested.
Instruction Scope: okRuntime instructions are an explicit local workflow: load the provided setup and templates, ask the user before creating/updating ~/family/, keep private-by-default, and store only coordination-relevant facts. The SKILL.md does not instruct access to unrelated system paths, environment variables, or external endpoints.
Install Mechanism: okNo install spec or code is included (instruction-only), so nothing is downloaded or installed. This is the lowest-risk pattern and consistent with the skill's stated operation.
Credentials: okThe skill requires no environment variables, credentials, or external config. The only declared config path is ~/family/, which is proportional to a local family memory system. There are no unexpected secret requests.
Persistence & Privilege: noteThe skill is designed to create and persist files under ~/family/ for local continuity. It explicitly requires user confirmation before creating or updating files and contains a privacy model. Persisting local household data is expected, but this increases responsibility on the user/device (local storage of potentially sensitive family info).