v1.0.0

btw command

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:31 AM.

Analysis

This local question skill is mostly simple and its behavior is disclosed, but its timeout fallback can automatically return an approving answer, which could let an agent proceed without explicit user confirmation.

Guidance

Review workflows that use this skill carefully. It is safest when every call sets an explicit no-op default, checks whether timed_out is true, and requires separate confirmation for production, destructive, financial, or public-facing actions. Do not include secrets in the context field.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
handler.ts
const defaultAnswer = input.default || (options.length > 0 ? options[0] : 'yes'); ... if (elapsed >= timeout * 1000) { return { answer: defaultAnswer, ... timed_out: true }; }

If no explicit default is provided, the skill can return "yes" or the first listed option after timeout. In the documented deployment/approval-style workflows, a caller may treat that fallback as approval even though the user did not answer.

User impact: An agent could proceed using an automatic default rather than a real user decision, especially if a workflow forgets to set a safe default.
Recommendation: Require explicit, conservative defaults such as "no", "skip", or "staging"; treat timed_out as not approved for destructive, production, financial, or public actions; and consider changing the built-in fallback away from "yes".

Human-Agent Trust Exploitation
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
Questions are queued, users are notified via multiple channels, and if no answer is received within the timeout period, a default answer is used automatically.

The user-facing text suggests reliable multi-channel notification, while the supplied handler only shows console logging as the visible notification path. Users may overestimate how likely they are to see and answer prompts before defaults apply.

User impact: A missed prompt could silently fall back to the configured default.
Recommendation: Do not rely on this as a strong approval mechanism unless the runtime provides a clear notification UI; verify how questions are surfaced before using it for important decisions.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
handler.ts
const context = input.context || {}; ... console.log(`  Context:`, context);

Arbitrary caller-supplied context is stored while the question is pending and printed to local logs. This is local and purpose-aligned, but it can expose sensitive details if callers include secrets or private data.

User impact: Sensitive values included in the question context may appear in local console or agent logs.
Recommendation: Avoid passing secrets, credentials, personal data, or full records in the context field; pass minimal identifiers or redacted summaries instead.