v1.0.0

Office Hours

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 7:54 AM.

Analysis

The supplied artifacts show an instruction-only brainstorming and design-doc skill with read-only repository inspection and expected local document output.

Guidance: Before installing, know that this skill is meant to inspect the current repository’s context and create a design document, not implement code. It shows no credential, network, package-install, or background behavior, but you should use it only where local project files are appropriate for the agent to read.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Info | Confidence: High | Status: Note
SKILL.md
Run `git log --oneline -30` and `git diff origin/main --stat` ... Use Grep/Glob to map the codebase areas most relevant to the user's request.

The skill directs the agent to use local repository inspection tools. These commands are read-only and tied to the design-doc purpose, but users should know the agent may inspect repo history, diffs, and files.

User impact: The agent may look at the current repository’s recent history, branch diff summary, and relevant files before giving product/design advice.
Recommendation: Use this skill only in repositories whose contents you are comfortable letting the agent inspect, and review the generated design document before relying on it.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
Read `CLAUDE.md`, `TODOS.md` (if they exist). ... List existing design docs for this project

The workflow uses persistent project documents and prior design docs as context. That is purpose-aligned, but stale or untrusted project notes could influence the new design document.

User impact: Existing project files may shape the recommendations and could carry outdated assumptions or unwanted instructions into the design session.
Recommendation: Keep project guidance and prior design docs current, and review the generated output for assumptions inherited from older local files.