Skill v1.0.0

ClawScan security

Social Graph · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 7, 2026, 11:37 PM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's requested resources and instructions match its stated purpose (maintaining per‑person notes and a sharing log); the main concerns are privacy and potential for deceptive behavior if misused, not technical incoherence.
Guidance
This skill appears to do what it says: keep per-person notes and a sharing log in workspace files. Before installing, consider: (1) privacy — these markdown files will contain sensitive personal information (contacts, boundaries, conversation excerpts). Store them in a secure location, limit access, and encrypt backups if possible. (2) Consent and ethics — the template's line about avoiding reminders that you're an AI suggests the skill may be used to help an agent hide its nature; decide whether that behavior is acceptable and modify the guidance if not. (3) Review the full SKILL.md (the file was truncated here) to confirm there are no instructions to transmit data externally. (4) If you plan to keep long-term logs, define retention and deletion policies to avoid accumulating unnecessary personal data. If you want, I can (a) scan the full SKILL.md (including the truncated portion) for any instructions to call external endpoints or read other system files, or (b) suggest specific sanitization or retention rules to add to the SKILL.md to reduce privacy risk.

Review Dimensions

Purpose & Capability
ok: Name/description (social graph, sharing log, trust levels) align with the SKILL.md: it only asks the agent to read/write workspace files (network.md, sharing-log.md) to track relationships and sharing history. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
note: Instructions tell the agent to read and update files in workspace/social-graph (network.md, sharing-log.md) and to consult those before sharing. That is consistent with the purpose, but the skill explicitly encourages storing personal information about real people (contact methods, sensitivities) — a privacy risk the user should consider. Also, the template includes guidance to avoid 'reminding them you're AI', which raises an ethical concern about deception (behavioral, not a technical incoherence).
Install Mechanism
ok: Instruction-only skill with no install spec and no code files. This is the lowest-risk install model — nothing is downloaded or written by an installer.
Credentials
ok: No environment variables, credentials, or external config paths are requested. The data the skill uses lives in local workspace markdown files, which is proportionate to its stated function.
Persistence & Privilege
note: The skill persists state in workspace files (network.md, sharing-log.md). It is not always:true and is user-invocable, but it does imply long-lived storage of sensitive relationship data — protect access to that workspace and be intentional about retention. Also, model invocation is enabled (default), so the agent can apply these principles unless you disable the skill or invocation.