Skill v1.0.0

ClawScan security

Mio智能聊天 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 14, 2026, 7:14 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and instructions are internally consistent with a local habit-learning, proactive chat and task-classification assistant; it stores data locally and does not request external credentials or make network calls.
Guidance
This skill appears coherent and local-only: it stores user habit data in a data/ folder next to the skill (data/habits.json) and does not request network credentials or perform external calls. Before installing, consider: 1) confirm where the agent runtime places the skill files so you know who can access data/habits.json (other users or services on the host may read it); 2) if you expect actual multi-agent dispatching, verify how the host platform will interpret 'dispatched' results since the code does not spawn child agents or call external endpoints; 3) if you have privacy concerns, review or sandbox the skill directory and clear or encrypt habit files if needed. If you want the skill to actually invoke sub-agents or remote services, request an updated version that explicitly implements and documents that behavior and lists any required credentials.

Review Dimensions

Purpose & Capability
ok: Name/description (主动聊天,习惯学习,任务分发; "proactive chat, habit learning, task dispatch") match the included files. The code implements habit recording, idle detection, intent classification and a task-dispatch stub; these capabilities align with the stated purpose and require no extra credentials or binaries.
Instruction Scope
note: SKILL.md describes 'spawn子Agent处理' (spawn subAgents) and proactive triggering; the code provides a dispatchTask function that classifies and returns dispatched:true but does not actually spawn processes, make network calls, or invoke other agents. The proactive trigger exists as initiateChat/detectFreeState but there is no autonomous scheduler in the code; execution relies on the host agent calling these functions. This is a minor implementation-documentation mismatch, not an obvious security issue.
Install Mechanism
ok: No install spec or external download; skill is delivered as files (index.js, config.json, SKILL.md). No package installation or archive extraction is performed by the skill itself.
Credentials
ok: The skill declares no required environment variables, credentials, or external config paths. The code only reads/writes JSON files under a local data/ directory relative to the skill (habits.json, tasks.json). Requested access is proportional to its stated behavior (local habit storage).
Persistence & Privilege
ok: The skill is not always-on and does not request elevated/persistent platform privileges. It persists data only to its own data/ directory and does not modify other skills or global agent configs.