Skill v0.1.0
ClawScan security
ResonanceEngine · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 1, 2026, 5:07 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, runtime instructions, and requirements are internally consistent with its stated purpose (a conversational tuning/engagement library), but it intentionally generates prompt-injection fragments and is focused on persuasion/monetization — review those implications before use.
- Guidance: This package appears to implement what it claims: algorithmic analysis of conversation text and generation of tuning instructions. Before installing or deploying:
  1) Review and test the code locally (the skill ships source and tests) to verify behavior.
  2) Be cautious about using result.recommendation.to_prompt_injection() to automatically mutate your system prompt — that is effectively a prompt-injection primitive and can change model behavior or bypass safety rules; instead, manually review or sandbox injected fragments and ensure your safety/policy prompts remain authoritative.
  3) If you plan to pip install from PyPI or clone the GitHub repo, verify the package name and repository (the SKILL.md example repo URL looks possibly malformed).
  4) Consider legal/ethical implications of deploying automated persuasion/monetization logic (consent, transparency, regulated domains).
  5) If you need stronger assurance, run the included tests and consider a security review or running the code in a restricted environment before production use.
Review Dimensions
- Purpose & Capability
  - ok: Name/description (resonance, engagement, conversion) matches the included Python implementation: signal extraction, frequency computation, tuning recommendations, and yield prediction. No unrelated credentials, binaries, or platform access are requested.
- Instruction Scope
  - concern: The SKILL.md and code explicitly produce ready-to-inject prompt fragments (TuningRecommendation.to_prompt_injection()) and instruct integrators to append those fragments to the bot's system prompt. That behavior is consistent with the skill's goal but is a sensitive capability (it can alter model behavior and potentially override safety or policy prompts). The SKILL.md does not caution about safeguarding system-level instructions or preserving existing safety/guardrails.
- Install Mechanism
  - note: The registry lists no install spec (instruction-only), but SKILL.md suggests 'pip install openpaw' or cloning a GitHub repo. The code is bundled in the skill archive, so execution doesn't require network installs; if you choose to 'pip install' or clone, verify the package/source first (the example GitHub URL in SKILL.md has a trailing hyphen and may not be authoritative). No download-from-arbitrary-URL patterns appear in the code.
- Credentials
  - ok: The skill requires no environment variables, no credentials, and does not read external config paths. All data handling is local to conversation text, consistent with its stated purpose.
- Persistence & Privilege
  - ok: The skill is not marked 'always: true' and does not request elevated platform privileges or attempt to modify other skills' configurations. It simply exposes an API (engine.analyze) and returns tuning recommendations — normal for this class of skill.
