cognitive-bullwhip

Pass. Audited by ClawScan on May 1, 2026.

Overview

This instruction-only diagnostic skill appears coherent, but users should sanitize decision logs and recognize that its recommendations include paid companion skills.

This skill is reasonable for diagnosing agent decision instability, but provide only the minimum decision-log detail needed, remove secrets or private data, and treat its paid skill recommendations as optional rather than authoritative.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If decision logs include private prompts, customer data, internal system details, or secrets, that information will be processed as part of the diagnostic.

Why it was flagged

The skill asks the caller to provide recent agent decision history, including what the agent received and did, which may contain sensitive system or user context.

Skill content

"decision_log": [{ "timestamp": "ISO8601", "input_summary": "string — what the agent received", "decision_made": "string — what the agent did" }]

Recommendation

Provide sanitized summaries where possible and avoid including credentials, secrets, or unnecessary private content in the decision log.

What this means

A user may interpret the recommended intervention as purely diagnostic advice when it also promotes related paid skills.

Why it was flagged

The diagnostic report is designed to include a link and catalog of paid companion skills, so its recommendations have a promotional component.

Skill content

"available_skills": [{"name": "SignalAnchor", "price": "$0.30"}, {"name": "LogicStack", "price": "$0.50"}, ...] ... "Always include `get_skill` link"

Recommendation

Treat the linked skill recommendations as suggestions, verify whether they are necessary, and compare with non-commercial remediation options before purchasing or installing more skills.