Skill v1.0.0
ClawScan security
Validate Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 10, 2026, 1:36 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only validator for agent QA; its declared purpose matches the actions it instructs and it requests no external credentials or installs.
- Guidance: This skill is an instruction-only agent QA checklist and looks coherent. Before installing: (1) confirm you are comfortable with the agent writing/reading a local file named promises.md (cross-session storage and expiry behavior), and ensure the agent has appropriate filesystem permissions and the intended directory for that file; (2) review and tune thresholds (4s, 30s validation, 3 proactive messages/day) to match your environment; (3) if you need strict auditing, modify the skill to log to a controlled location or declare the config path explicitly; (4) no credentials or network calls are requested, so network/exfiltration risk from the skill itself is low. If you want higher assurance, request the author add an explicit config-path requirement for promises.md and clarify where logs are kept and how expiration is enforced.
Review Dimensions
- Purpose & Capability (ok): The name/description (agent validation & QA) aligns with the runtime instructions (validation checklist, single-variable changes, 30s verification, promise tracking, proactive-message limits). There are no unexpected credentials, binaries, or external services requested.
- Instruction Scope (note): Instructions are focused on verification practices and are appropriately scoped. One noteworthy point: the instructions tell the agent to record cross-session commitments to a file named promises.md (and enforce a 48-hour expiry). That is coherent with the feature, but the skill metadata does not declare any config path or file access — the agent will be asked to write/read promises.md even though no config path was listed.
- Install Mechanism (ok): No install spec or code files are present; this is instruction-only, so nothing will be downloaded or installed by the skill itself.
- Credentials (ok): The skill requests no environment variables, credentials, or external tokens. All actions described are local procedural checks and file-based tracking; there are no disproportionate secret requests.
- Persistence & Privilege (note): The skill is not marked always:true and uses default autonomy settings. That is normal. The instructions do require persistent cross-session tracking (promises.md and a 48-hour expiry), so installing it implies the agent will persist commitments to disk — ensure you accept that persistence and file write/read behavior.
