Skill v2.0.0

ClawScan security

Task Decomposition · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 3, 2026, 5:37 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This instruction-only skill is internally consistent with its purpose: it decomposes and tracks multi-step work by reading/writing plan files in the workspace and does not request credentials, installs, or remote network access.
Guidance
This skill appears coherent and low-risk, but it will read and write files inside the agent's workspace (plans/, patterns.md and archived plan files). Before installing, consider: (1) Run it in a workspace that doesn't contain secrets you wouldn't want written to disk. (2) Ensure .env or other secret-containing files are gitignored or not present if you don't want endpoints/credentials stored — the example suggests saving endpoints to .env. (3) Review any plans/patterns the agent creates before committing or sharing them. (4) If you plan to let the agent run autonomously, remember it can create and update these local files without additional prompts; if you want tighter control, invoke it manually. Overall this skill matches its stated purpose; the main risk is accidental local persistence of sensitive data, not unexpected network access or credential exfiltration.

Review Dimensions

Purpose & Capability
ok
Name/description match the behavior in SKILL.md. The skill only needs to read and write plan files (plans/, patterns.md, archive files) to implement decomposition, tracking, retros, and learning — nothing extraneous (no cloud creds, binaries, or unrelated services) is requested.
Instruction Scope
note
Instructions consistently stay within planning/tracking scope (decompose requests, create/update plan files, maintain patterns.md, run retros). They require file-system access to a workspace directory (plans/) and expect the agent to read existing plans and patterns. One example suggests saving an endpoint to .env, which implies writing potentially sensitive data to workspace files — the SKILL.md does not explicitly instruct network calls or reading other system config, but it does expect persistent local file writes.
Install Mechanism
ok
No install spec and no code files — instruction-only. No downloads, packages, or binaries are declared; nothing will be written to disk by an installer outside the normal skill behavior of creating plan files.
Credentials
note
The skill declares no required environment variables or credentials (proportionate). Caveat: the example suggests storing an endpoint in a .env file; users should be aware the agent may write sensitive values into workspace files if planning steps instruct that. The skill does not request unrelated secrets or config.
Persistence & Privilege
ok
always:false (normal). The skill expects to persist state in the workspace (plans/, patterns.md, archive files), which is appropriate for a planner. It does not request to modify other skills or system-wide agent settings.