Skill v1.0.0

ClawScan security

PsyVector pv42 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 13, 2026, 9:21 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This is an instruction-only roleplay skill that behaves like a mediation/HR facilitator; its declared requirements (none) and instructions are coherent with that purpose and don't request unexpected credentials or installs.
Guidance
This skill is internally coherent and appears to be a roleplaying mediation assistant. Before installing, consider the following: (1) The skill expects lengthy interviews and may prompt for sensitive personal or HR information — avoid supplying confidential documents, identity credentials, or proprietary files via the skill. (2) Clarify what the ambiguous 'use tools' step will access (calendar, email, chat, recording/storage) and whether those connectors are enabled in your agent; if unsure, disable automatic connectors or limit the skill to manual use. (3) Because it can collect PII during sessions, ensure you have consent from participants and comply with your organization's privacy policies. (4) If you want to restrict autonomous behavior, disable autonomous invocation for this skill in your agent settings. If you need a deeper audit, request the full (untruncated) SKILL.md and any follow-up instructions about external tool usage so you can verify there are no hidden data exfiltration steps.

Review Dimensions

Purpose & Capability
ok
The name, description, and SKILL.md all describe a mediation/HR conflict-resolution role. There are no declared binaries, env vars, or config paths that would be unrelated to this purpose.
Instruction Scope
note
The SKILL.md directs the agent to act as a mediator, perform one-on-one deep conversations, use the 'Agentic Protocol' and explicitly says '必须使用工具' (must use tools). That is consistent with a mediator role, but 'use tools' is vague — the skill could rely on the host agent's connectors (calendar, chat, email, note-taking) to schedule or record sessions. This may lead to collection/transmission of sensitive personal or HR data during mediation. The file is otherwise instruction-only and does not instruct reading local files, environment variables, or fetching arbitrary remote code.
Install Mechanism
ok
No install spec and no code files are present. Instruction-only skills have minimal install footprint and nothing will be written to disk by the skill itself.
Credentials
ok
The skill declares no required environment variables, credentials, or config paths. There are no requests for unrelated secrets or system access in the SKILL.md.
Persistence & Privilege
ok
always is false and the skill is user-invocable. disable-model-invocation is false (normal platform default). The skill does not request permanent presence or attempt to modify other skills or global agent settings.