Skill v0.1.2

ClawScan security

PUA Breakthrough Mode · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 10, 2026, 7:52 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This instruction-only skill is internally consistent with its stated purpose (push the agent to persist and explore alternative solution paths) and does not request unexpected installs or credentials, but it does authorize broad runtime actions (inspect files, run tools) that you should be aware of before use.
Guidance
This skill is coherent and appears to do what it claims: it trains the agent to persist, try multiple solution paths, and take concrete actions. Because its guidance explicitly allows inspecting artifacts, running tools, and reading a codebase, expect the agent to access files and connected services when you invoke it. Before using it on sensitive projects, (1) test it on non-sensitive tasks, (2) restrict or monitor the agent's connector access (repos, cloud creds, external APIs), and (3) require explicit user confirmation before allowing actions that read or transmit sensitive data. If you want stricter limits, ask for a variant that explicitly forbids file access, network calls, or tool execution.

Review Dimensions

Purpose & Capability
ok: The name/description match the provided instructions and reference materials: the skill is a persistence/execution framework for multi-step tasks (coding, debugging, research, planning). It does not request unrelated environment variables, binaries, or install steps.
Instruction Scope
note: The SKILL.md and templates instruct the agent to 'inspect artifacts', 'run tools', and for coding tasks to 'inspect the codebase'. Those actions are coherent for a task-driving execution mode, but they give the agent license to read repository files, tool outputs, and user-provided materials during operation. If you expect the agent to be strictly read-only or to never access local/connected data, this is relevant.
Install Mechanism
ok: There is no install spec and no code files that would be written to disk — this is instruction-only, which minimizes installation risk.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. The instructions reference using available tools/connectors but do not demand additional secrets or unrelated credentials.
Persistence & Privilege
ok: always:false and default autonomy settings are used. The skill does not request permanent presence or modification of other skills' configs; autonomous invocation is allowed (the platform default) but not elevated here.