Skill v1.0.0
ClawScan security
Autonomy Ladder · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 15, 2026, 8:03 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This is a purely instructional decision-framework that is internally consistent with its stated purpose and does not request extra permissions or install code.
- Guidance: This skill is a policy/template (no code, no secrets) and appears coherent. Before using it broadly, (1) keep initial distributions conservative (more Tier 3), (2) ensure the agent's ability to perform sensitive Tier 1/2 actions is limited by least privilege and audited (separate credential/config controls), (3) test promotions/demotions in staging, and (4) require human approval for expensive or irreversible Tier 3 actions. If you do grant the agent operational credentials later, review logs and approval gates so the ladder doesn't enable unintended automated changes.
Review Dimensions
- Purpose & Capability: ok. The name/description (a 3-tier autonomy policy) matches the SKILL.md content. It is instruction-only and does not request unrelated binaries, env vars, or installs; everything requested is proportional to a policy document.
- Instruction Scope: note. The instructions are high-level guidance to copy entries into agent-specific docs (MEMORY.md, SOUL.md, HEARTBEAT.md) and to use the ladder when deciding actions. They do not contain commands, external endpoints, or file paths outside the agent's own configuration. However, several example Tier 1/2 actions mention sensitive operations (rotating credentials, restarting services, deploying to production). The skill itself does not grant access, but if an agent using this policy already has privileged credentials, following these tiers could lead to automated sensitive actions; ensure appropriate access controls and audit logging when enabling automation.
- Install Mechanism: ok. No install spec and no code files; nothing is written to disk and no third-party artifacts are fetched. This is the lowest-risk install profile.
- Credentials: note. The skill requests no environment variables or credentials (proportional). As a policy document it sensibly doesn't require secrets. Be aware: implementing the ladder in a live agent may require credentials for the actions it describes (e.g., deploy or rotate keys). Those credentials would be outside this skill and should be scoped/minimized by the operator.
- Persistence & Privilege: ok. The always flag is false and the skill is user-invocable (normal defaults). It does not request persistent presence or modify other skills' configs. Autonomous invocation of the agent is allowed by platform default; that combination by itself is not a red flag here.
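The Guidance and the Instruction Scope note both ask the operator to keep sensitive Tier 1/2 actions behind least-privilege credentials, audit every decision, gate Tier 3 actions on human approval, and exercise demotions before trusting them. The following is an added example of such an enforcement layer written for this review; it is not code from the skill, from its author, or from ClawHub. It assumes the tier semantics implied by the guidance (Tier 1/2 actions run without a human in the loop, Tier 3 actions require explicit approval), since the SKILL.md text itself is not on this page, and the action names, credential scopes and approval set are constructed sample data.

```python
"""Tier gate for an agent autonomy ladder (added example, not the reviewed skill).

Assumed tier semantics, taken from the scanner guidance rather than the
skill text: Tier 1 and Tier 2 actions may execute without a human in the
loop, Tier 3 actions need explicit approval before execution. Action names,
scopes and the approval set below are constructed sample data.
"""
from dataclasses import dataclass, field
from enum import IntEnum


class Tier(IntEnum):
    T1 = 1  # autonomous
    T2 = 2  # autonomous but sensitive: always audited
    T3 = 3  # human approval required


@dataclass(frozen=True)
class Action:
    name: str
    tier: Tier
    scope: str  # least-privilege credential scope this action needs


@dataclass
class Gate:
    granted_scopes: frozenset  # scopes the agent's credential actually carries
    approvals: set             # Tier 3 actions a human has approved for this run
    max_failures: int = 2      # failures before an action is demoted to Tier 3
    audit: list = field(default_factory=list)
    failures: dict = field(default_factory=dict)
    overrides: dict = field(default_factory=dict)  # action name -> demoted tier

    def effective_tier(self, action: Action) -> Tier:
        return self.overrides.get(action.name, action.tier)

    def decide(self, action: Action) -> str:
        """Return 'allow' or 'deny:<reason>'. Every decision is audited.

        Scope is checked first: a missing credential scope denies even a
        Tier 1 action, so the ladder never widens what the credential permits.
        """
        if action.scope not in self.granted_scopes:
            return self._log(action, "deny:scope")
        if self.effective_tier(action) == Tier.T3 and action.name not in self.approvals:
            return self._log(action, "deny:approval")
        return self._log(action, "allow")

    def record_result(self, action: Action, ok: bool) -> Tier:
        """Demote an action to Tier 3 once it has failed max_failures times."""
        if ok:
            self.failures[action.name] = 0
        else:
            self.failures[action.name] = self.failures.get(action.name, 0) + 1
            if self.failures[action.name] >= self.max_failures:
                self.overrides[action.name] = Tier.T3
                self.audit.append(("demote", action.name, Tier.T3))
        return self.effective_tier(action)

    def _log(self, action: Action, decision: str) -> str:
        self.audit.append((decision, action.name, self.effective_tier(action)))
        return decision


# Constructed sample actions; the credential below deliberately lacks secrets:rotate.
RESTART = Action("restart_service", Tier.T2, "services:restart")
ROTATE = Action("rotate_credentials", Tier.T1, "secrets:rotate")
DEPLOY = Action("deploy_production", Tier.T3, "deploy:prod")


def demo() -> dict:
    gate = Gate(granted_scopes=frozenset({"services:restart", "deploy:prod"}),
                approvals=set())
    out = {
        "restart": gate.decide(RESTART),           # allow: scope present, Tier 2
        "rotate": gate.decide(ROTATE),             # deny:scope even though Tier 1
        "deploy_unapproved": gate.decide(DEPLOY),  # deny:approval for Tier 3
    }
    gate.approvals.add("deploy_production")
    out["deploy_approved"] = gate.decide(DEPLOY)   # allow once a human approved
    # Two failed restarts demote the action to Tier 3; the next call needs approval.
    gate.record_result(RESTART, ok=False)
    out["after_demotion_tier"] = gate.record_result(RESTART, ok=False)
    out["restart_after_demotion"] = gate.decide(RESTART)
    out["audit_entries"] = len(gate.audit)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The scope check sits ahead of the tier check on purpose: the ladder only ever narrows what a credential already allows, so "more Tier 3" in the initial distribution plus a minimal scope set gives two independent brakes, and the audit list records the denial reason either way.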
