Back to skill
Skillv1.1.1
ClawScan security
Agent Soul Crafter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 14, 2026, 6:10 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only skill that provides templates and guidance for writing agent personality (SOUL.md) files; its declared requirements and instructions are coherent with that purpose and it does not request extra credentials or install code.
- Guidance
- This skill is coherent and low-risk because it is just guidance/templates. Before installing or using it in production: (1) review generated SOUL.md content to ensure it does not embed any sensitive data or instructions that could cause the agent to disclose secrets or impersonate people; (2) enforce technical safeguards before giving agents the ability to post or act autonomously (avoid letting a persona auto-post without approval); (3) test personas in a sandbox to confirm the response rules and safety boundaries behave as intended; (4) if you later add automation connectors (APIs, posting hooks), require only the minimal credentials needed and review those integrations separately. If you want a deeper check, provide any deployment or connector config you plan to use so I can verify proportionality.
Review Dimensions
- Purpose & Capability
- okName/description promise: create agent personalities and SOUL.md templates. Declared footprint: no env vars, no binaries, no installs, no code files. All asked-for capabilities match the stated purpose.
- Instruction Scope
- okSKILL.md contains only templates, examples, and rules for persona design (identity, traits, expertise, response rules, safety boundaries). It does not instruct reading files, accessing credentials, calling external endpoints, or collecting unrelated system data.
- Install Mechanism
- okNo install spec and no code files — lowest-risk instruction-only skill. Nothing is downloaded or written to disk by the skill itself.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. The content does mention routing topics to other agent roles but does not require access to other services or secrets.
- Persistence & Privilege
- okFlags are default (always: false, user-invocable true). The skill does not request permanent presence or elevated privileges and does not modify other skills' configurations.