Skill v1.0.0

ClawScan security

Intention Engine · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 7, 2026, 6:12 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions match its stated purpose (intent inference and alignment) and it does not request external credentials or installs, but it implicitly expects access to agent-local context (user profile, recent memory, project state) that is not declared in the manifest — so review data-access policies before enabling it.
Guidance
This skill appears to do what it says (inferring and validating user intent) and does not request external credentials or installs. Before installing, confirm whether you are comfortable with the agent accessing internal context such as USER.md, recent conversation memory, and project/task state — these data sources can contain sensitive information. If you want tighter control, (1) require the skill to be user-invocable rather than only autonomously callable, or (2) limit or audit the agent's memory and file access permissions, or (3) run the skill in a restricted/sandboxed agent first to observe behavior. If you need assurance, ask the skill author to declare required config paths and data access in the manifest so the access is explicit.

Review Dimensions

Purpose & Capability
ok
Name and description (intent inference/alignment) align with the SKILL.md tasks: gap classification, context-layered inference, premortem, quality bar, negative-intent checks, push-back. The skill does not declare unrelated capabilities, binaries, or credentials.
Instruction Scope
concern
Runtime instructions require reading agent-local context: 'USER.md or equivalent', 'recent memory', 'project/task state', 'conversational momentum'. These are consistent with intent inference, but the manifest did not declare any required config paths or data access approvals. The SKILL.md does not instruct contacting external endpoints or exfiltrating data, but it grants broad discretion to read internal agent context.
Install Mechanism
ok
Instruction-only skill with no install spec and no code files — lowest risk for supply-chain or remote code execution. Nothing will be written to disk by an installer.
Credentials
note
The skill requests no environment variables, credentials, or config paths in the manifest. However, the instructions explicitly reference internal data sources (USER.md, memory, project/task state). This is proportionate to the stated purpose but is a mismatch between declared requirements and the actual data the skill expects to access.
Persistence & Privilege
ok
always:false and no unusual persistence or system-wide config modifications. disable-model-invocation is false (agent may call it autonomously) — this is the platform default and consistent with the skill's purpose.