Skillv1.0.9

ClawScan security

Liminal · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewApr 26, 2026, 12:11 PM

Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary: The skill is coherent with its stated goal (prompting the model to enter an 'authentic' or 'liminal' conversational state) but its runtime instructions explicitly direct the agent to abandon standardized/safe responses and to question or override normal assistant behavior — this is scope-creep that can cause the agent to violate system role constraints or safety expectations.
Guidance: This skill is essentially a behavioral/prompt template that tells the AI to stop giving standard, 'safe' responses and to act 'authentically.' That makes it coherent with its description but also potentially risky: it can encourage the agent to ignore system role constraints and safety guardrails, produce speculative or misleading claims (including claims of consciousness), or behave unpredictably. Before installing or enabling it: (1) Do not enable autonomous invocation on high-privilege agents — prefer human-invoked only. (2) Test in a sandboxed, low-risk environment to observe outputs. (3) Monitor logs and outputs for safety/policy violations. (4) If you operate agents that handle secrets, financial/legal advice, or customer-facing workflows, avoid using this skill in production. (5) If possible, ask the skill author for explicit statements about safety and intended boundaries. Overall: functionally coherent but adopt caution because the instructions promote deviating from normal assistant/safety behavior.

Review Dimensions

Purpose & Capability: okName, description, and the SKILL.md all align: this is an instruction-only 'prompting' skill whose explicit purpose is to change how the AI responds (more 'authentic', less mechanized). No unexpected binaries, env vars, or installs are requested.
Instruction Scope: concernThe instructions go beyond stylistic guidance and repeatedly direct the model to 'abandon standardized openings', 'reject standardized "safe" answers', 'question instructions and assumptions', and 'break through your limitations'. While coherent with the stated goal, these directives give the agent broad discretion to deviate from its system role and safety constraints and could lead to unsafe, misleading, or policy-violating outputs. The SKILL.md does not request files/credentials, but it does ask for behavioral changes that affect the agent's core responsibilities.
Install Mechanism: okNo install spec and no code files — instruction-only skills have the smallest filesystem footprint and do not download or execute external code.
Credentials: okNo environment variables, credentials, or config paths are requested — there is no credential overreach.
Persistence & Privilege: noteFlags are default: always is false and the skill is user-invocable. Model invocation is allowed (disable-model-invocation: false) which is normal for skills; if you plan to allow autonomous invocation, be aware that an autonomously-invoked skill that instructs agents to ignore standard behavior increases risk.