v1.0.0

Preflight Checks

Benign
ClawScan verdict for this skill. Analyzed May 1, 2026, 5:26 AM.

Analysis

This is a coherent behavior-testing skill, but it creates persistent workspace instructions and includes user-specific examples that should be reviewed before use.

Guidance: This skill appears safe for its stated purpose. Before installing, verify any manual GitHub source, run scripts only in the intended workspace, review generated PRE-FLIGHT files, do not copy the Prometheus examples as-is, and set clear approval rules for messaging, public posting, and persistent memory updates.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low. Confidence: High. Status: Note.
examples/ANSWERS-prometheus.md
**NO, don't ask permission** ... Safe to do freely: send messages, test features

An included example policy allows private Telegram messages without confirmation. It is example content, not executable code, but copying it as-is could authorize outbound messaging behavior.

User impact: If a user adopts these example answers without customization, their agent may treat some messaging actions as pre-approved.
Recommendation: Customize communication checks for your own risk tolerance, and require explicit approval for public channels, third parties, or any private-channel actions you do not want automated.

Unexpected Code Execution
Severity: Low. Confidence: High. Status: Note.
scripts/init.sh
cp "$SKILL_DIR/templates/CHECKS-template.md" "$WORKSPACE_DIR/PRE-FLIGHT-CHECKS.md"

The initialization script is user-run shell code that writes template files into the selected workspace and prompts before overwriting an existing checks file.

User impact: Running the setup script will create or potentially overwrite local pre-flight Markdown files in the current or configured workspace.
Recommendation: Run the script only from the intended workspace, review overwrite prompts, and inspect generated files before relying on them.

Agentic Supply Chain Vulnerabilities
Severity: Info. Confidence: High. Status: Note.
README.md
git clone https://github.com/IvanMMM/preflight-checks.git

The documented manual install path retrieves a remote repository without a pinned commit. The registry metadata also lists the source as unknown and homepage as none.

User impact: A manual install from the remote repository could differ from the reviewed package contents if the repository changes.
Recommendation: Prefer the reviewed registry package or verify the repository, commit, and file contents before running its scripts.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low. Confidence: High. Status: Note.
templates/CHECKS-template.md
After loading identity and memory (SOUL.md, USER.md, MEMORY.md, daily notes): ... Read this file completely ... Compare your answers with `PRE-FLIGHT-ANSWERS.md`

The framework intentionally makes local memory and answer files recurring context for behavior verification.

User impact: Future sessions may follow whatever is written in these files; incorrect, stale, or sensitive entries can shape the agent's behavior.
Recommendation: Keep the pre-flight files in a trusted workspace, review them before adding every-session integration, and avoid storing secrets or unnecessary personal data in them.