Skill v1.0.0

ClawScan security

Agent Dreams · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 26, 2026, 11:10 PM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
This is an instruction-only skill that provides templates and policies for scheduling agent background work; its instructions align with its stated purpose but contain a few vague/contradictory points and assume access to external accounts and local files without declaring explicit credentials.
Guidance
This is a guidance-only skill that appears to do what it says: templates and policies for running periodic checks and cron tasks. Before installing or enabling it, confirm the following:
1) The agent platform or connectors you already use will provide any necessary credentials to check email/calendar/social accounts — the skill does not supply or request them.
2) Restrict the agent's permissions so it can only access the accounts and filesystem paths you intend (so it can't read unrelated files or send messages without consent).
3) Resolve the small contradiction in the doc (avoid autonomous posting unless you explicitly want that); prefer draft-only workflows and require explicit approval for outbound communications and destructive actions.
4) Review and approve any cron jobs/heartbeats you actually create (frequency, quiet hours, and scope) and monitor logs initially to ensure expected behavior.

Review Dimensions

Purpose & Capability
ok: The name/description (strategies for heartbeats and cron jobs) matches the SKILL.md content: templates, state file schema, cron examples, and guidance for proactive tasks. There are no declared binaries, installs, or unrelated permissions requested, which is proportionate to an instruction-only scheduling/behavior guide.
Instruction Scope
note: The instructions tell an agent to check emails, calendars, Twitter/Discord mentions, git status, running processes, and to create/read workspace files (HEARTBEAT.md, memory/heartbeat-state.json). That scope is reasonable for a scheduling/maintenance guide, but it's vague about how to authenticate to external services and there is a small inconsistency (some examples say 'post something' while the 'Ask First' section forbids sending external communications without consent). The guidance also permits filesystem and process checks which require host-level access — buyers should confirm the agent is only granted intended permissions.
Install Mechanism
ok: No install spec and no code files — lowest risk. The skill is instruction-only so nothing will be written or executed by the skill itself during install.
Credentials
note: The SKILL.md references checking external services (email, calendar, Twitter, Discord) and local system state but the skill declares no required env vars or credentials. This is reasonable for a behavioral template, but users must realize that performing the suggested actions will require appropriate connectors/credentials (not provided by the skill). Ensure only necessary credentials/connectors are available to the agent and that secrets are not implicitly exposed.
Persistence & Privilege
ok: 'always' is false and the skill makes no request to persist or modify other skills or global agent configuration. It suggests creating local files in the workspace (HEARTBEAT.md, memory/heartbeat-state.json) which is normal for workspace-driven behaviors.