Skill v1.0.1

ClawScan security

task-plan-generator_cn · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 16, 2026, 1:29 PM
Verdict
Benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions and requested accesses are consistent with a local task-planning / report-archiving helper, but there are a few small mismatches and privacy-relevant file access choices you should review before use.
Guidance
This skill is generally coherent for local task planning and report archiving. Before installing: (1) confirm you are comfortable allowing the agent to read plan_source.md from the workspace, parent directory, or your home (~/.claude/resources); (2) note the SKILL.md uses shell commands (cat/grep/jq) but the skill declares no required binaries — ensure 'jq' (and a shell) are available or adjust the instructions; (3) verify the archive path ({workspace}/task_reports/) is the intended location and that the auto-clean policy (delete >90 days) will not remove important files; (4) avoid placing sensitive credentials or unrelated private data in plan_source.md or the searched directories. If you want tighter control, restrict the allowed search paths to a specific project folder and confirm/preview any deletions before they run.

Review Dimensions

Purpose & Capability
ok · The name/description (generate multi-option task plans, archive reports, and optimize) match the SKILL.md instructions: analyze tasks, read a local plan_source.md, produce 2–3 plans, ask for confirmations, and archive task_reports. No unrelated services, credentials, or installers are requested.
Instruction Scope
note · The runtime instructions explicitly tell the agent to read/write files in the workspace, parent directory, and ~/.claude/resources, and to aggregate historical report data (cat/grep/jq examples). This stays within the stated planning/archiving purpose, but the search path includes the user's home directory and parent directories, which could expose unrelated files. The doc also uses shell tooling (grep/jq) without declaring required binaries.
Install Mechanism
ok · This is instruction-only with no install spec or downloaded artifacts, so nothing is written to disk by an installer. That reduces supply-chain risk.
Credentials
note · The skill declares no required env vars or credentials (appropriate). However, it reads config/resource files from ~/.claude/resources and workspace/parent directories (file paths not declared in requires.config), which is reasonable for its purpose but broad — review whether accessing the home directory is acceptable in your environment.
Persistence & Privilege
note · always:false (normal). The skill expects to write archived reports to {workspace}/task_reports and perform automatic cleanup (>90 days). Writing and deleting files inside the workspace is coherent with the purpose, but you should confirm the cleanup behavior and scope to avoid unintended deletion outside the intended folder.