Skillv1.0.0

ClawScan security

Germany · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 9, 2026, 12:03 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill’s files and runtime instructions are coherent with a Germany trip-planning purpose: it only needs a local folder (~/germany/) to store a memory file and contains no installs, credentials, or external network instructions.
Guidance: This skill is coherent and appears to do only local trip planning. Before installing: (1) Confirm you are comfortable with the skill reading and writing files under ~/germany/ (it will create and update memory.md containing trip details). Avoid placing unrelated sensitive files in that directory. (2) Although SKILL.md states it will not make network requests, the platform or agent tooling might allow network access — if you require absolute offline guarantees, verify platform policy or run in a restricted environment. (3) Review the included markdown files (especially memory-template.md) so you understand what personal details will be stored. (4) If you combine this with other skills (booking, travel, payment), consider whether those other skills request credentials or network access. If you want higher assurance, run the skill in a constrained sandbox or inspect the created ~/germany/ files regularly and remove sensitive content after use.

Purpose & Capability: okName, description, and included modules (itineraries, transport, entry rules, region playbooks) match the declared requirement: a local config path (~/germany/) for persistent trip memory. No unrelated binaries, services, or credentials are requested.
Instruction Scope: okRuntime instructions tell the agent to create, read, and update files under ~/germany/ (memory.md and templates) and to consult the local markdown modules. There are no instructions to read files outside that directory or to perform network requests. The only file I/O the skill asks for is reading/writing its declared config path.
Install Mechanism: okNo install spec or code is included; this is an instruction-only skill. Nothing will be downloaded or written to disk by an installer beyond what the agent is explicitly told to write into ~/germany/.
Credentials: okThe skill requests no environment variables or credentials. The only required resource is a config path (~/germany/) — proportionate for storing trip memory and expected for this purpose.
Persistence & Privilege: noteThe skill persists trip context in ~/germany/ (creates/reads memory.md). This is expected for a planning skill, but it means any sensitive trip details written there will be readable by the skill. The skill is not 'always' enabled and does not request extra platform-level privileges.