Skill v1.0.0
ClawScan security
Personal Board of Directors · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Mar 3, 2026, 2:19 AM)
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, runtime instructions, and requirements are consistent with its stated purpose (building local, YAML-driven persona boards) and do not request unrelated credentials or network access.
- Guidance: This package appears coherent and local-only, but take these precautions before installing or running it:
  1. Inspect the remaining/omitted source files (templates and any runtime code) yourself or in a sandbox.
  2. Run the tool inside a Python virtualenv to avoid contaminating system packages.
  3. Do not place secrets or API keys in your persona YAML files (the tool will read whatever YAML you point it at).
  4. The registry metadata lists an unexplained binary requirement 'uv'; confirm whether you actually need it (it likely isn't required).
  5. If you want extra assurance, verify the repository link in SKILL.md (https://github.com/PersonaNexus/personanexus) and prefer an official, pinned release instead of arbitrary code.
  Overall there are no red flags that contradict the skill's stated purpose.
Review Dimensions
- Purpose & Capability [ok]: Name/description (historical-board personas) align with the bundled Python code and CLI for parsing, validating, and compiling persona YAML files. Required binaries (python3, pip) and the listed Python dependencies (pydantic, pyyaml, typer, rich) are reasonable for this functionality. One minor oddity: the 'anyBins' list includes 'uv', which is unexplained by the README or SKILL.md and is likely unnecessary but not harmful.
- Instruction Scope [ok]: SKILL.md instructs only local operations (install Python deps, read/validate/compile local YAML identity files, and run the included CLI). The sampled source files show YAML parsing, local prompt generation, validation, and compilation; there are no obvious network calls, env-var reads, or references to unrelated system files in the provided snippets. As the documentation states, identity YAML files should not contain secrets: the skill will read whatever YAML you point it at, so avoid putting credentials into those files.
- Install Mechanism [note]: Registry metadata claims 'No install spec — instruction-only', yet the bundle includes a full Python package (multiple .py files and templates). Runtime instructions expect you to pip-install dependencies. This is not inherently malicious, but it is an inconsistency: the skill will operate by running Python code from the bundle (or code you install locally). The installation route is standard (pip packages listed), not a remote archive download or obscure URL, so risk is moderate-to-low if you install in an isolated environment (virtualenv).
- Credentials [ok]: The skill declares no required environment variables or credentials, and the code samples do not show access to secrets or unrelated environment settings. That is proportionate to a local persona/compilation tool. Still, because the tool reads arbitrary YAML files you supply, ensure those files do not contain sensitive credentials.
- Persistence & Privilege [ok]: The skill is not force-included (always: false) and does not declare elevated privileges or system-wide changes. It does not request to modify other skills' configs. Allowing autonomous invocation is the platform default and is not by itself a concern here.
