Skill v3.0.2

ClawScan security

AI Company Framework · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 26, 2026, 7:19 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill is an instruction-only framework that is internally consistent with its stated purpose, but it requests broad runtime permissions (file read/write, network API, and subagent/session capabilities) that you should review before enabling in production.
Guidance
This skill is primarily documentation, prompts, and standards for an internal 'AI Company' framework; its content matches that purpose and it asks for no secrets or installs. Before enabling it for autonomous use, check the following:
1) Verify the skill source/homepage and that you trust the owner (source is 'unknown' in the registry metadata).
2) Confirm your platform policy for permissions: file read/write, network API access, and mcp subagent/session capabilities are relatively powerful; restrict them or sandbox the skill if you don't want it spawning subagents or calling external APIs.
3) Audit and sandbox any integration with ai-company-hq or harness dependencies before granting production access.
4) If you need higher assurance, run the prompts in an isolated environment (developer sandbox) and inspect any runtime interactions with HQ/registry.
If you want more confidence about network endpoints or exact runtime behavior, provide additional details about the platform's HQ/registry endpoints and the ai-company-hq/ai-company-harness skills for a deeper review.

Review Dimensions

Purpose & Capability
ok
Name, description, and included prompts/references align with a framework/standardization skill. No unrelated environment variables or binaries are requested. Declared dependencies (ai-company-hq, ai-company-harness) and the documented responsibilities (registry, scaffolding, learning pipeline) coherently explain the need for inter-skill integration and registry access.
Instruction Scope
ok
SKILL.md and the prompts instruct the agent to read the skill index and reference docs, generate templates/prompts, run robustness checks, and integrate with HQ/registry. They do not instruct reading unrelated system files, pulling arbitrary URLs, or exfiltrating secrets. Prompts are copy-paste-ready for human use and the runtime guidance stays within framework/registry/scaffolding responsibilities.
Install Mechanism
ok
This is an instruction-only skill with no install spec and no code files to write or execute. That is the lowest-risk install mechanism and is proportionate for a documentation/patterns framework.
Credentials
note
The skill requests no environment variables or credentials, which is appropriate. However, its declared permissions include file read/write and network: [api], and mcp: [sessions_send, subagents]. Those permissions are plausible for a framework that registers skills and interacts with HQ, but they are non-trivial privileges and should be justified by your runtime policy.
Persistence & Privilege
note
always:false (not forced into every agent) and model invocation is allowed (normal). The notable privilege is mcp sessions_send and subagents, which permit creating/communicating with subagents, a powerful capability that increases the skill's blast radius even if it is instruction-only. Confirm that platform-level controls and audit/tracing are in place.