Skill v1.0.0
ClawScan security
Knowledge Router · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 11, 2026, 3:34 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill does what it says: it scans local knowledge files (workspace and a ~/self-improving directory), ranks sources for a query, and emits a routing report; there are no network calls, no credentials, and no install steps.
- Guidance: Before installing or running this skill: review the included scripts/knowledge_router.py and the references (they are bundled) to confirm the exact paths it reads. The tool scans your workspace files and ~/self-improving and prints small previews of files (first ~12 lines) in the generated report — so any sensitive content in those locations could appear in the report. There are no network calls or credential requests, and no installation downloads. To limit exposure, run with a restrictive --scope (e.g., memory-only, skills-only, audit-only) or in an isolated workspace, and choose an output path you control. If you do not want any home-directory access, remove or relocate the ~/self-improving files or edit the script to skip Path.home().
Review Dimensions
- Purpose & Capability (ok): Name/description match the actual behavior: the code and docs scan workspace knowledge files (MEMORY.md, memory/*.md, skills/*, logs/audit/*) and a self-improving directory in the user's home to classify and rank sources. The files accessed are coherent with the stated purpose of routing queries across knowledge layers.
- Instruction Scope (note): SKILL.md and README describe scanning the listed knowledge sources and using scripts/knowledge_router.py. The runtime script reads file previews (first ~12 lines) from workspace paths and from Path.home()/self-improving. This is within scope but has privacy implications because it reads local files (including audit logs and any files under the stated paths) and surfaces their previews in the report.
- Install Mechanism (ok): There is no install spec and no network/download/install behavior. The skill is instruction-plus-script only, so it does not write or execute remote code during installation.
- Credentials (note): The skill requests no environment variables or credentials. It reads files from the workspace and from the user's home (~/self-improving), but the registry metadata lists no required config paths — a small mismatch in declared config requirements versus actual file reads. No secrets are requested or transmitted by the code.
- Persistence & Privilege (ok): always is false and the skill does not attempt to modify other skills or system-wide config. It can write an output report to a user-specified path (creates parent dirs if needed), which is expected for this utility.
