Skill v1.0.0
ClawScan security
Curiosity Engine · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 24, 2026, 3:12 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, docs, and runtime instructions are coherent with its stated purpose (structured curiosity for deeper reasoning); it requests no secrets or installs, but it does instruct the agent to use powerful tools (web_search/web_fetch/read/exec) and optionally persist open threads to memory — you should confirm tool permissions and opt in to memory before enabling.
- Guidance: This skill appears to do what it claims: help the agent 'dig deeper' using a structured loop. Before installing, verify two things in your agent environment: (1) which tools the agent can actually call — web_search/web_fetch are standard and expected, but 'read' and especially 'exec' can access local files or run commands; restrict or disable them if you don't want the skill to inspect or execute on your system. (2) Memory opt-in — the skill will store open threads in memory/curiosity-threads.md only if you allow it; decide whether you want persistent curiosity threads. If you lock down tool permissions and opt out of memory, the skill remains useful and low-risk. If you permit unrestricted exec/read and persistent memory, be aware of the higher blast radius and audit what gets stored or executed.
Review Dimensions
- Purpose & Capability (ok): Name/description (curiosity-driven reasoning) match the SKILL.md and example usage. Suggested tools (web_search, web_fetch, read, exec) and the included curiosity evaluation script are reasonable support for evaluating and enacting curiosity behaviors.
- Instruction Scope (note): SKILL.md stays on-topic (OODA-C loop, doubt protocols, gap detection). It instructs the agent to use web_search/web_fetch/read/exec to fill gaps and to persist open threads to memory/curiosity-threads.md if the user opts in. 'read' and especially 'exec' are powerful — they can access local files or run commands; the skill does not mandate what to read/exec, so actual risk depends on the agent's tool permissions and how the integrator limits those tools.
- Install Mechanism (ok): Instruction-only skill with no install spec and no required binaries. The included Python script is small, local, and understandable; nothing is downloaded or written to disk by an installer.
- Credentials (ok): No environment variables, credentials, or config paths are requested. The skill's behavior doesn't depend on external secrets, which is proportional to its stated goals.
- Persistence & Privilege (note): always:false and normal autonomous invocation are appropriate. The skill suggests optionally storing persistent open threads in memory/curiosity-threads.md — this is reasonable but requires explicit user opt-in; confirm whether your agent runtime allows writing to that memory path and review what is stored.
