Skillv1.0.0

ClawScan security

SPF Test · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 6, 2026, 7:41 AM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill's description and instructions are broadly consistent with a developer workflow, but it references cloning an external GitHub repo and directing persistent file-based logs without declaring or documenting where files will be read/written — that mismatch and the unknown source warrant caution.
Guidance: This skill appears to be a developer workflow template that will make your agent clone an external GitHub repo and store persistent logs on disk. Before installing or using it: 1) Review the referenced GitHub repository (https://github.com/mok888/superpower-with-files) yourself to verify contents and trustworthiness. 2) Don't run it with broad filesystem or network permissions — run in an isolated workspace or sandbox. 3) Decide and control where 'memory' and logs are stored; avoid letting the agent write to locations with secrets or system config. 4) Watch for any unexpected files or network calls when first running the workflow. 5) If you cannot or will not inspect the repo and log behavior, avoid using this skill or restrict the agent's filesystem/network access.

Review Dimensions

Purpose & Capability: concernThe name/description (unified AI workflow, persistent memory, TDD) match the SKILL.md content. However, the skill instructs you to 'Clone the repository' and points to an external GitHub URL while the registry metadata lists the source as unknown and provides no homepage. The skill also promises 'All AI logs routed to unified directory' but declares no required config paths or details about where logs are stored.
Instruction Scope: concernSKILL.md explicitly instructs filesystem actions: cloning a repo, pointing the agent at a /skills folder, and routing persistent logs to a directory. Those operations are within the stated purpose (development workflows) but the instructions lack detail about exact paths, retention, or safeguards. Because the skill will cause the agent to read/write files and persist 'memory' logs, the absence of explicit limits or guidance is a potential privacy/security concern.
Install Mechanism: okNo install spec and no code files are provided (instruction-only), which minimizes direct install risk — nothing is downloaded or executed automatically by the skill itself.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. That aligns with an instruction-only workflow skill; however, the instructions still imply file system and network activity (cloning a repo), which the skill did not enumerate as required resources.
Persistence & Privilege: okalways is false and the skill does not request persistent platform-level privileges. The 'persistent memory' behavior described appears to be implemented by writing files as instructed, not by the skill requesting elevated or platform-wide persistence settings.