Skill v1.0.0

ClawScan security

Reddit Post · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 20, 2026, 9:12 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's behavior (moving drafts, adding URLs, updating logs) matches its description, but the runtime instructions require reading/writing shared filesystem paths that are not declared in the skill metadata — an incoherence you should validate before installing.
Guidance
This skill's instructions are consistent with a bookkeeping helper, but it will need permission to read and write files in shared/decisions/, shared/pending/, shared/posted/, and shared/memory/ — those paths are referenced in SKILL.md but not declared in the skill metadata. Before installing: (1) confirm the agent runner will grant the skill access only to the specific shared directories and not broader filesystem areas; (2) verify file permissions and backups for those folders; (3) test in a safe/dry-run environment (use sample files) to confirm behavior; (4) ask the publisher to update metadata to list the required config paths or explain why they were omitted; (5) remember the SKILL.md forbids posting to Reddit, but if you rely on autonomous invocation, monitor for any deviations (ensure logs/auditing are enabled). If you cannot confirm the file-access scope, treat the installation as higher risk.

Review Dimensions

Purpose & Capability
note · Name/description align with bookkeeping after posting, and the SKILL.md instructions implement that. However, the skill's metadata lists no required config paths or permissions while the instructions explicitly read and write many shared/* files; the metadata omission is inconsistent.
Instruction Scope
concern · Runtime instructions direct the agent to read and modify files under shared/decisions/, shared/pending/, shared/posted/, and shared/memory/, and to write daily logs. Those file-system operations are narrowly scoped to post-posting bookkeeping (which is expected), but they are not declared in requires.config paths, and therefore the skill's declared scope is incomplete. There are no commands or network endpoints in SKILL.md, and the skill explicitly forbids posting to Reddit.
Install Mechanism
ok · Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is downloaded or written to disk by an installer.
Credentials
ok · The skill requests no environment variables, credentials, or external API keys. That is coherent with its stated bookkeeping purpose. No unexpected secrets or network tokens are requested.
Persistence & Privilege
ok · always:false and default autonomous invocation are set (normal). The skill does not request persistent/privileged system-wide configuration or credentials and does not claim to modify other skills.