Skill v1.0.0

ClawScan security

Cheeeeeeeeeer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 4, 2026, 2:57 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (detect frustration and provide encouragement) matches its runtime instructions and it requests no extra credentials or installs, but automatic monitoring behavior, an opaque source, and references to non-existent implementation files deserve caution.
Guidance
This skill appears to do what it says (detect frustration and send short encouragements) and doesn't request credentials or install code. Before installing, consider: (1) Source transparency — there is no homepage and the owner is opaque; if you don't trust the publisher, be cautious. (2) Automatic triggers — the skill will monitor messages and may send unsolicited replies (threshold 0.3 is fairly low); confirm you can opt out or adjust sensitivity. (3) Data handling — SKILL.md does not say whether analyzed messages are logged or sent externally; ask the author whether any user text leaves the local agent or is stored. (4) Missing implementation files — the doc references detector.js/index.js but no code is included; ask whether those are illustrative or part of an implementation you will install. If these questions are answered satisfactorily (no external transmission, adjustable threshold, opt-out), the skill is reasonable to install for its intended purpose.

Review Dimensions

Purpose & Capability
ok
The name/description (emotional support) align with the instructions: analyzing user messages for keywords/emojis/punctuation and returning short encouragements. There are no unrelated environment variables, binaries, or external services declared that would be inappropriate for this purpose.
Instruction Scope
note
Instructions specify automatic monitoring of user messages and automatic triggers (threshold 0.3) that can cause unsolicited responses. The SKILL.md does not describe data retention, logging, or whether message text is sent to external services. Automatic analysis of user messages is expected for this skill, but the lack of details about storage/transmission and the relatively low trigger threshold are usability/privacy concerns.
Install Mechanism
note
This is an instruction-only skill with no install steps (low risk). However, the SKILL.md references implementation files (detector.js, index.js, manifest.json) that are not present in the package, which is an inconsistency worth clarifying (either those are illustrative or missing).
Credentials
ok
No environment variables, credentials, or config paths are requested. The skill does not ask for unrelated secrets or elevated access.
Persistence & Privilege
note
always:false is set (good). The skill can be invoked autonomously (platform default) and the SKILL.md enables automatic triggers that will act without explicit per-message commands; combined, this can lead to unsolicited messages. This is a behavioral/privacy consideration rather than an outright privilege escalation.