ClawHub

Spec Writer

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This instruction-only skill is coherent for drafting implementation specs, with modest notes because it may read project context and save a persistent spec file.

Before installing, be aware that this skill may inspect relevant project files and linked materials to draft a spec, then save a Markdown spec after review. This is normal for its purpose; just review the generated document for accuracy and sensitive details before confirming.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#ASI02: Tool Misuse and Exploitation
Low
What this means

The generated spec may include details from private project files or linked issue/design documents.

Why it was flagged

The skill directs the agent to inspect available project materials to draft the spec. This is purpose-aligned, but users should know it may read relevant local project files and referenced sources.

Skill content
Collect information from available sources. Do not ask the user for things you can find yourself. ... From the project (if accessible): Tech stack ... Project structure ... Existing architecture docs ... Code style patterns ... Test setup ... Git workflow
Recommendation

Use it only in the intended project workspace and review the draft before confirming or saving it.

#ASI06: Memory and Context Poisoning
Low
What this means

Future coding agents or team members may rely on the saved spec, so mistakes or sensitive details could affect later implementation work.

Why it was flagged

The skill intentionally creates a persistent Markdown document that may be reused by future agents or humans. This is central to the purpose, but inaccurate, overbroad, or sensitive content in the spec could carry forward.

Skill content
Spec is the source of truth — It persists across sessions, anchoring the agent when context gets long or sessions restart.
Recommendation

Review the final spec carefully, remove unnecessary sensitive information, and update it when decisions change.