Skillv1.1.0

ClawScan security

Harness Design Patterns · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 6, 2026, 1:18 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only design guide about agent harness patterns; its content and requirements are internally consistent with a documentation skill and it does not request credentials or install code.
Guidance: This skill is a documentation-only knowledgebase about harness design — it doesn't ask for credentials or install code itself. Before adopting its patterns: 1) recognize the guide instructs creating hooks and shell scripts that will read/write session files (sessions/*, TMPDIR, ~/.openclaw/shared-context) and use common shell tools (bash, jq, grep); ensure those paths/tools are acceptable in your environment. 2) The SKILL.md references env vars (HARNESS_PROFILE, HARNESS_DISABLED_HOOKS) — these are not secrets but are expected to be set by the implementer. 3) If you implement the examples, review any hook scripts for correct file paths, locking behavior, and to avoid accidentally exposing sensitive files; test in a sandbox before using in production. 4) The doc cites internal Claude Code behaviors and external links that may change; validate assumptions against your agent runtime. Overall the package is coherent and appropriate as a design reference, but treat code snippets as templates to review rather than ready-to-run artifacts.

Review Dimensions

Purpose & Capability: noteThe name/description match the included content: a set of harness design patterns and examples. The skill declares no required binaries, env vars, or installs, which is appropriate for a documentation-only skill. Note: the docs reference environment variables (HARNESS_PROFILE, HARNESS_DISABLED_HOOKS, TMPDIR), shell utilities (bash, jq, grep, mv), and specific filesystem locations (sessions/*, ~/.openclaw/shared-context). Those references are reasonable for implementation guidance but are not declared as requirements — verify your runtime will provide those tools/paths if you adopt the patterns.
Instruction Scope: noteSKILL.md is purely prose and examples; there are no executable files. However it includes concrete shell snippets and hook configurations that, if implemented, instruct agents or hooks to read/write local files (handoff/denials/bracket files), inspect transcripts, and inject prompts via hooks. This behavior is consistent with the skill's purpose (harness design) but means following the doc will create agents that read/write session state on disk and run hook scripts — review any concrete implementation for safety and correct paths.
Install Mechanism: okNo install spec and no code files — lowest-risk pattern for a skill. Nothing is downloaded or written by the skill itself.
Credentials: noteThe skill requests no credentials and declares no required env vars, which is appropriate for a patterns knowledgebase. Still, the documentation references several env vars and filesystem locations used to control behavior (e.g., HARNESS_PROFILE, HARNESS_DISABLED_HOOKS, TMPDIR, sessions/*). These are not secrets, but you should be aware the recommended patterns assume access to local filesystem and typical shell utilities.
Persistence & Privilege: okalways:false and user-invocable:true. The skill does not request persistent presence or special platform privileges and does not modify other skills' configs. Autonomous model invocation default is unchanged and is appropriate for a documentation skill.