Skill v1.0.0

ClawScan security

Error-Driven Evolution · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Feb 25, 2026, 4:42 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requested actions (write/read a local lessons.md, scan rules before decisions, and optionally share anonymized lessons) align with its stated purpose; the main risks are accidental data leakage when sharing and some vague steps that rely on external community files or scripts the skill doesn't include.
Guidance
This skill is coherent with its stated goal, but take these precautions before enabling it:
1) Treat lessons.md as potentially sensitive: restrict who/what can read or write it.
2) Do not enable automatic community submissions (auto-PR) without a human review step; agents can accidentally include URLs, file paths, API keys, or other secrets even if an anonymization checklist exists.
3) If you plan to use the submission script, ensure the script is vetted and stored in a trusted location; the SKILL does not include it.
4) Provide a curated top-100.md from a trusted source or disable community lookups if network access is a concern.
5) Add automated checks (regexes, allowlists) to the anonymization step and require explicit human confirmation before any external push.
6) If you have strict data-handling policies, restrict or audit the agent's ability to perform external network calls and to access workspace files.
These steps will reduce the primary risk: accidental leakage of secrets/PII during sharing.

Review Dimensions

Purpose & Capability
ok: Name/description (turning errors into executable rules and scanning them before decisions) matches the skill's instructions: create/append lessons.md, scan it pre-decision, and optionally share anonymized lessons. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
note: Instructions are focused on writing/reading lessons.md and skimming a community top-100 file. They also recommend sharing anonymized lessons to a GitHub repo and mention running a submission script (python3 scripts/submit_lesson.py); the skill does not include those scripts or community files, and the sharing step introduces risk of accidental secret/PII leakage if anonymization fails. There is some openness in 'scan relevant rules' and 'query community/{category}.md on-demand' which could lead to network access or broader file reads depending on implementation.
Install Mechanism
ok: Instruction-only skill with no install steps or downloads; nothing is written to disk by the skill itself beyond instructing the agent to create lessons.md in its workspace (which is consistent with the purpose).
Credentials
note: The skill requests no credentials and no special environment access; it does rely on reading/writing the agent's workspace files. Sharing to GitHub (PRs/auto-create PR flag) may require tokens the agent already has; the skill does not request or justify any extra secrets. This is proportionate to the feature set but worth noting because sharing can expose sensitive content if anonymization fails.
Persistence & Privilege
ok: always:false and no instructions to modify other skills or global agent configs. The skill expects to persist a lessons.md file in the workspace (normal for a learning/rule system) and to skim top-100.md at startup; this is within expected privilege for its purpose.