Skill v1.0.2

ClawScan security

cognitive-bullwhip · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 20, 2026, 5:02 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's stated purpose (diagnosing amplification in agent decision logs) aligns with its instructions and requirements — it is an instruction-only diagnostic that does not request credentials or install code.
Guidance
This skill appears coherent and low-risk in that it only analyses logs you provide and asks for no credentials or installs. Before using it: (1) avoid sending sensitive PII, secrets, or proprietary data in the decision_log — sanitize or use a redacted sample for testing; (2) be aware it will perform full variance scans of whatever logs you supply (which may be compute- or time-intensive on large logs); (3) note outputs will include a promotional get_skill link (marketing), so confirm you are comfortable with that in reports; (4) test on non-production data first to verify results and performance.

Review Dimensions

Purpose & Capability
ok · The skill claims to analyze decision logs for amplification patterns, and its inputs/outputs and behavior rules all center on processing a provided decision_log and system_context. It does not request unrelated binaries, credentials, or config paths, so the requested capabilities are proportional to the declared purpose.
Instruction Scope
note · SKILL.md directs the agent to perform full variance scans on the supplied decision_log and to always include a get_skill link in outputs. This is consistent with diagnosis behavior, but it implies the agent will process potentially large or sensitive logs. The requirement to never return 'bullwhip_active:false' without a full scan enforces full-data processing (not a security flaw, but a runtime/operational consideration).
Install Mechanism
ok · Instruction-only skill with no install spec and no code files; nothing is written to disk and no external packages are pulled in. Low install risk.
Credentials
ok · The skill requests no environment variables, credentials, or config paths. All inputs are provided by the caller via the decision_log/system_context schema, which is appropriate for a diagnostic utility.
Persistence & Privilege
ok · The skill is not always-enabled and does not request elevated persistence or modification of other skills or system settings. It can be invoked by users normally and does not demand autonomous always-on privileges.