v1.0.0

CPC/MPQC Training & Competence Tracking (UK)

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 4:50 AM.

Analysis

This is a coherent instruction-only training compliance tracker, with the main user-noticeable issue being that its outputs may contain employee training and evidence-location data.

GuidanceThis skill appears safe and purpose-aligned for preparing CPC/MPQC training matrices, reminder plans, and compliance reports. Before using it, make sure any driver IDs, certificate details, and evidence links you provide are appropriate to share in the chat and that generated files are stored according to your company’s data-handling policy.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

SKILL.md

Driver list (name/ID), roles, depots ... Expiry dates, certificates, providers, past completion records

The skill asks users to provide employee-identifying training and certification data so it can produce compliance tracking outputs. This is purpose-aligned, but the resulting context and files should be treated as internal records.

User impactThe generated matrix and reports could contain staff identifiers, training status, certificate details, and internal evidence locations.

RecommendationOnly include the minimum employee and certificate details needed, avoid pasting unnecessary sensitive records, and store generated reports in an appropriate internal location.