Skill v1.0.0

ClawScan security

Random Thought · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 11, 2026, 8:17 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files, scripts, and runtime instructions match its stated purpose (picking workspace files, writing reflections, and curating digests); it does not request extra credentials or install remote code, but it will read files in your workspace and write history/output files there, so review config/exclude lists before use.
Guidance
This skill is internally consistent and does what it says: it scans your workspace (respecting exclude patterns), selects files, and writes reflections and digests into the workspace. Before installing or scheduling it: (1) review and customize random-thought.config.json to ensure sensitive paths (keys, credentials, .env, private data) are excluded; (2) note that the skill will create a history file (default .random-thought-history) and output directory (default random-thought-output) in the workspace; (3) if you enable cron/autonomous runs, consider running a manual writer invocation first to confirm behavior; (4) if you plan to have the agent post to external systems, verify how that integration is configured — the skill mentions posting but provides no built-in external-channel config or credential handling. If you want an extra safety step, run the scripts locally in a disposable workspace copy to observe selected files and outputs before giving the agent autonomous access.

Review Dimensions

Purpose & Capability
ok · Name/description match the actual artifacts: two bash scripts implement file selection and freshness tracking, SKILL.md describes Writer/Curator behavior, and the file I/O requested is consistent with producing reflections and digests. No unrelated credentials, binaries, or network endpoints are required by the package.
Instruction Scope
note · Instructions explicitly tell the agent to read selected workspace files (up to configured limits), write reflections, and synthesize digests — this is consistent with purpose. SKILL.md mentions 'deliver the output (post to configured channel, write to file, or return to caller)' but there is no built-in channel/integration config or required env vars; that is a vague area you should confirm (how your agent would post externally). The scripts themselves do not perform network I/O or read unrelated system credentials.
Install Mechanism
ok · No install spec or remote downloads; the skill is instruction + local scripts only. It relies on standard tools (bash, find, python3). Nothing is fetched from arbitrary URLs or written outside the workspace.
Credentials
ok · The skill declares no required environment variables or secrets, and the scripts operate using a JSON config in the workspace. The only notable capability is the configurable action tag 'agent-execute', which signals items that the agent could act on autonomously — this is a workflow design choice rather than a hidden credential requirement.
Persistence & Privilege
ok · The skill does not request elevated privileges or force installation (always:false). It writes a history file and output files inside the workspace (configurable names/paths), which is expected for freshness tracking and digest output. It does not modify other skills or system-wide settings.