Back to skill
Skillv0.1.0
ClawScan security
Reminder Engine · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 16, 2026, 3:53 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and runtime instructions are consistent with a reminder/cron scheduling helper and do not request unrelated credentials or install code — it appears to be what it says it is.
- Guidance
- This skill is internally coherent for creating and managing reminders. Before installing, verify: (1) your platform's "cron" tool and what payload.kind="systemEvent" and sessionTarget="main" actually do (delivery behavior, visibility, and any side effects); (2) that the agent will always show the confirmation prompt the skill requires before creating recurring jobs; and (3) that reminder payloads will not leak sensitive info (the skill warns about secrets, but you should still avoid including tokens/passwords in reminder text). If you need higher assurance, ask the publisher for a link to platform docs or an implementation example showing the cron API calls this SKILL.md expects.
Review Dimensions
- Purpose & Capability
- okName/description match the instructions: the SKILL.md only describes parsing reminder intents, confirming schedules, and creating/listing/cancelling cron jobs. There are no unrelated env vars, binaries, or install steps requested.
- Instruction Scope
- noteInstructions stay within reminder management (create/list/remove/snooze) and explicitly forbid including secrets and spammy broadcasts. A small caveat: it tells the agent to include light conversational context and to use payload.kind="systemEvent" and sessionTarget="main" — these are platform-specific fields that could affect where and how reminders are delivered, so the operator should confirm what "systemEvent" and sessionTarget imply on your platform (delivery channel, visibility, privileges).
- Install Mechanism
- okInstruction-only skill with no install spec and no code files; nothing is written to disk and no external packages are pulled. This minimizes install-time risk.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. The SKILL.md does not instruct reading unrelated secrets or system files; it even warns to avoid secrets in reminder payloads.
- Persistence & Privilege
- notealways is false and there are no install side-effects. The skill can be invoked autonomously (platform default) but that is not, by itself, a red flag. If you are concerned about autonomous scheduling, verify platform controls for when the agent can create cron jobs and whether user confirmation prompts are enforced at runtime.