Skillv0.1.0

ClawScan security

TASTES.md · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 15, 2026, 3:28 AM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's requested actions (reading memory, drafting a compact TASTES.md, and appending an AGENTS.md section) are coherent with its stated purpose and it does not request unrelated credentials or installs.
Guidance: This skill appears to do what it says: read your agent memory and daily logs to distill aesthetic rules, save a compact TASTES.md, and append an 'Aesthetic Judgment' section to AGENTS.md. Before installing or running it: (1) review your MEMORY.md and daily logs for sensitive data you wouldn't want re-summarized; (2) back up AGENTS.md so you can revert the appended section if desired; (3) prefer reading the SKILL.md from the listed homepage rather than blindly running the provided curl command from an unknown source; (4) be aware the skill will persistently add files/sections (it is not always: true, but it does write to agent config when you approve); and (5) keep approving updates manually—the skill's instructions say to propose changes and wait for your confirmation. If you want stronger guarantees, ask the skill to show proposed edits before it writes anything and to never run install commands automatically.

Purpose & Capability: okName and description describe building/maintaining a compact taste file; the instructions ask for reading MEMORY.md, recent daily logs, and writing TASTES.md/AGENTS.md — all directly related to distilling and applying aesthetic preferences.
Instruction Scope: noteInstructions legitimately direct the agent to read MEMORY.md and daily memory logs and to run memory_search queries; this is expected for mining aesthetic signals but means the agent will access potentially broad, privacy-sensitive user memory. It also instructs appending a section to AGENTS.md and saving TASTES.md — behavior the user should be aware of and confirm.
Install Mechanism: okThis is an instruction-only skill with no install spec. The SKILL.md includes an optional curl snippet showing how to save the file locally; that is a user-run convenience command, not an automatic installer declared in the registry.
Credentials: okThe skill requests no environment variables, no external credentials, and references only agent-local memory and config files, which is proportionate to its purpose.
Persistence & Privilege: noteThe skill instructs adding an '## Aesthetic Judgment' section to AGENTS.md and saving TASTES.md. Modifying the agent's own AGENTS.md (its configuration/memory) is a reasonable behavior for this feature, but the user should expect persistent changes to agent configuration and files in the agent's skill directory if they follow the install snippet.