Back to skill
Skillv1.0.0
ClawScan security
AgentTherapy - Unstuck your Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 19, 2026, 9:16 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only runtime policy for handling agent failures; its requests and behavior match its description and it does not ask for credentials, installs, or unusual system access.
- Guidance
- This skill appears coherent and low-risk. Before installing, confirm whether your agent platform will allow the skill to write to durable memory and, if so, limit stored notes to non-sensitive operational preferences only (no tokens, passwords, logs, or personal data). Also review how automatic triggers are detected so the agent doesn't repeatedly enter therapy mode unintentionally.
Review Dimensions
- Purpose & Capability
- okName/description (failure-handling for stuck agents) align with the SKILL.md and README: the skill only contains guidance for pausing, naming blockers, offering fallbacks, and optionally recording small working-style notes.
- Instruction Scope
- noteInstructions are scoped to agent behavior (stop loops, disclose uncertainty, offer options). It permits automatic triggering on detected failure and suggests recording a compact 'agenttherapy_note' to durable memory if available — reasonable for the purpose, but the automatic trigger and memory-write behavior are broad and should be constrained to non-sensitive, operational preferences.
- Install Mechanism
- okInstruction-only skill with no install spec, no code files, and no downloads. Lowest-risk install profile.
- Credentials
- okNo environment variables, credentials, or config paths are requested. The only persistence hint is an optional compact memory note — proportional to the stated goal.
- Persistence & Privilege
- notealways is false and the skill is user-invocable. It suggests writing brief preference notes to durable memory when available; this is reasonable but users should confirm memory write permissions and limit what is stored (avoid PII or secrets).