Skill v1.0.0
ClawScan security
Chaos pivot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 19, 2026, 8:59 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This is an instruction-only skill that coherently implements a structured “pivot” workflow for stuck agents; it requests no credentials, installs nothing, and stays within its stated purpose.
- Guidance: This skill is internally coherent and low-risk: it only contains instructions for how an agent should recognize a dead end and try three very different alternatives. Before enabling it, confirm the agent's permitted actions when 'attempting' alternatives (e.g., whether it can call external APIs, run commands, or access files). Keep it user-invocable (do not set always:true), and consider adding operational guards: require explicit user approval before attempts that perform network calls or destructive actions; log pivot summaries and results for auditability; and limit randomness in safety-critical contexts. If you want tighter control, restrict the agent's tool permissions or modify the SKILL.md to explicitly disallow external side effects.
Review Dimensions
- Purpose & Capability (ok): Name, description, and runtime instructions all align: the skill teaches an agent to recognize dead-ends, produce three radically different alternatives, probe them, and pick or escalate. No extraneous permissions, binaries, or services are requested.
- Instruction Scope (note): SKILL.md confines itself to internal reasoning steps (declare failure, produce 3 alternative lenses, probe each). It does give the agent broad discretion to 'attempt' alternatives — which could involve external actions depending on the agent's capabilities (API calls, CLI, or other tools the agent already has). The instructions do not explicitly tell the agent to read unrelated files, exfiltrate secrets, or contact unexpected endpoints, but the open-ended 'attempt' step means behavior depends on the agent's other tool permissions; consider restricting what the agent may do when probing alternatives.
- Install Mechanism (ok): No install spec and no code files. Nothing is written to disk and there is no third-party code to fetch. Low installation risk.
- Credentials (ok): The skill requires no environment variables, credentials, or config paths. There is no request for extra secrets or unrelated service tokens, which is proportional to the skill's described function.
- Persistence & Privilege (ok): Flags: always:false and user-invocable:true (default). The skill does not request permanent inclusion or system-level configuration changes. It does not modify other skills or agent settings.
