Skill v1.0.0

ClawScan security

Agentic Workflow System · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 15, 2026, 1:09 PM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions, required artifacts, and behavior are coherent with its stated purpose (a Kanban + heartbeat + QA subagent workflow) and it does not request external credentials or install code.
Guidance
This skill is internally consistent for setting up a workspace-level Kanban + heartbeat + QA subagent workflow and does not request credentials or install code. Before enabling it: (1) review and test the TASK_BOARD.yaml/HEARTBEAT.md changes in a safe/test workspace so you know exactly what will be written and when; (2) confirm that your OpenClaw environment's sessions_spawn/subagent behavior is trusted (subagents will receive outputs and goals you produce); (3) avoid putting sensitive secrets or private data into task payloads that will be passed to subagents; (4) ensure you have audit/logging so you can see the actions the agent performs while it runs silently between DONE/BLOCKED messages. No regex scan findings were present (instruction-only), but that does not replace manual review of the files the agent will create/modify.

Review Dimensions

Purpose & Capability
ok: Name/description match the runtime instructions: the skill tells the agent to create a TASK_BOARD.yaml, add heartbeat executor logic to HEARTBEAT.md, and use a QA subagent to verify outputs. Nothing requested (no env vars, no binaries, no installs) is out of scope for a workspace-level agentic workflow.
Instruction Scope
note: Instructions direct the agent to read and write files in the workspace root (TASK_BOARD.yaml and HEARTBEAT.md) and to spawn subagents via sessions_spawn(runtime="subagent"). These actions are consistent with the workflow purpose, but they give the agent authority to modify repository/workspace files and to invoke subagents that will process produced outputs. The skill also requires the agent to remain silent except for DONE/BLOCKED notifications, which reduces user visibility into intermediate actions.
Install Mechanism
ok: Instruction-only skill with no install steps and no code files. Nothing will be downloaded or written by an installer; risk from installation is minimal.
Credentials
ok: No environment variables, credentials, or config paths are requested. The skill does not ask for access to unrelated services or secrets.
Persistence & Privilege
note: The skill recommends continuous, autonomous heartbeats and spawning subagents, but it does not force always:true or modify other skills/configs. Autonomous invocation and subagent spawning are expected for this purpose, but they increase the agent's operational footprint and potential blast radius if misused.