Back to skill
Skillv2.20.0
ClawScan security
Superpower with Files · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 6, 2026, 7:40 AM
- Verdict
- Benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's requested files, scripts, and runtime instructions are coherent with its stated purpose (a unified, file-backed AI workflow), but it includes local session-reading scripts and aggressive file-reading hooks that are privacy-sensitive and should be used with awareness.
- Guidance
- This skill appears to be what it says: a file-backed planning and TDD workflow with many helper scripts. Before installing or using it, consider: 1) The session-catchup script reads local IDE/session storage (like ~/.claude and OpenCode storage) to import prior conversation history — don't run it if you don't want your local chat content scanned. 2) The skill repeatedly reads planning files (task_plan.md, findings.md, progress.md) into the agent context via PreToolUse hooks; avoid placing secrets or private data in those files because they will be injected into the model context. 3) It will create and prefer a .superpower-with-files/ directory by default — check and, if desired, override paths in prompts. If you want to proceed, review files you already have under your home or project (especially any existing planning files or IDE session logs), and run the scripts manually first to observe what they read/write. If you are uncomfortable with local session recovery or automatic file reads, do not enable the catchup step or remove/modify the PreToolUse hook before use.
Review Dimensions
- Purpose & Capability
- okThe repository contents (planning-with-files, TDD execution helpers, init/check scripts, sync script, and many SKILL.md subskills) match the skill's description of a unified AI workflow. The presence of templates, hooks, and scripts for initializing and checking planning files is proportional to the stated purpose.
- Instruction Scope
- noteRuntime instructions and included SKILLs instruct the agent to create/read/write persistent planning files and to run session-catchup.py. That script explicitly scans IDE session storage (e.g., ~/.claude/projects and OpenCode storage) to recover prior conversation context; hooks also run git commands and repeatedly cat task_plan.md before tool use. These behaviors are coherent with the stated 'session catchup' and persistent-memory goals but are privacy-sensitive because they read local IDE/chat histories and repeatedly inject file contents into model context (increasing prompt-injection risk).
- Install Mechanism
- okNo install spec is present (instruction-only), and all code is shipped in the repo. There are no downloads from remote URLs or installer scripts that fetch arbitrary code. This reduces supply-chain/remote-execution risk.
- Credentials
- noteThe skill declares no required environment variables or external credentials. Some scripts reference optional env vars (CLAUDE_PLUGIN_ROOT, OPENCODE_DATA_DIR) and will probe common IDE directories under the user's home. That is consistent with tooling that integrates with local IDEs, but means the skill can access local files and chat logs without requesting new credentials—be aware that no explicit env prompts does not mean no sensitive data is accessed.
- Persistence & Privilege
- noteThe skill is not always-enabled and does not request system-level privileges. However, it installs PreToolUse/PostToolUse/Stop hooks (declared inside planning-with-files SKILL.md) that repeatedly read planning files before tool calls and run check scripts at Stop; this gives the skill ongoing influence over the agent's tool use (standard for this pattern, but it amplifies any malicious or accidental prompt injection contained in the files).