Skill v1.0.3

ClawScan security

Continuous User Research · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 4, 2026, 3:18 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements and runtime instructions are coherent with running diary-style user research; nothing requested is disproportionate to that purpose, though a few schema/config clarity issues and secrets-handling cautions deserve attention.
Guidance
This skill appears to do what it says, but review these before installing:
1) Secrets: treat RESEARCH_REDACTION_SALT and any integration API keys as sensitive. Store and rotate them in your secret manager and ensure they are never embedded in logs or prompts; anyone holding the salt can recompute the pseudonyms and re-identify participants.
2) Least privilege: grant Notion/Slack/Email/GitHub/Linear tokens only the minimal scopes the recipes request, and set tokens only for integrations you enable.
3) Storage access: ensure RESEARCH_STUDY_STORAGE_RAW_PATH points to a restricted bucket/collection with proper ACLs and audit logging, and that report paths are separate and hold only redacted output.
4) Schema oddity: study_brief.schema.json marks the notion, airtable and google_sheets tool configs as required. If you will not use all three, ask the author to relax these required fields so you are not forced to provision unused integrations.
5) Consent and retention: verify the implementation actually enforces explicit consent logging, retention/deletion and redaction before publishing; run a dry test with synthetic data.
6) Operational controls: confirm reminder/fallback logic and any scheduled-message behavior are acceptable for your participants (to avoid spamming), and confirm fallback channels (SMS/Discord) are covered by policy.
If those points are addressed, the skill is coherent for running longitudinal diary studies.

Review Dimensions

Purpose & Capability
note: The name, description, required env vars, and declared integrations (Notion, Slack, Email, Linear, GitHub, multimedia storage) match the stated diary-study purpose. Conditional credentials for each integration are sensible. One mismatch: study_brief.schema.json's tools_config marks notion, airtable, and google_sheets as required properties, which would force provisioning and metadata for multiple tools even when a study only needs one. That is disproportionate and likely an authoring mistake that should be corrected.
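The schema mismatch above is easy to check mechanically before you ask the author to fix it. The following is an added example, not code from the Continuous User Research skill: it assumes the shape the scanner describes (a tools_config object whose properties are per-integration configs and whose required list names notion, airtable and google_sheets). SAMPLE_SCHEMA is constructed to match that description and stands in for the real study_brief.schema.json; the per-tool keys (database_id, base_id, table, spreadsheet_id) are assumptions. The corrected form keeps every per-tool sub-schema but makes no single integration mandatory.

```python
"""Audit a study brief schema for over-broad required tool configs.

Added example, not the skill's own code. SAMPLE_SCHEMA below is constructed to
match the scanner's description of study_brief.schema.json; the per-tool keys
are assumptions.
"""
import copy
from typing import Any

SAMPLE_SCHEMA: dict[str, Any] = {  # constructed sample, not the skill's file
    "type": "object",
    "properties": {
        "tools_config": {
            "type": "object",
            "properties": {
                "notion": {"type": "object", "required": ["database_id"]},
                "airtable": {"type": "object", "required": ["base_id", "table"]},
                "google_sheets": {"type": "object", "required": ["spreadsheet_id"]},
            },
            # The authoring mistake: every integration becomes mandatory.
            "required": ["notion", "airtable", "google_sheets"],
        }
    },
    "required": ["tools_config"],
}


def tools_config_schema(schema: dict[str, Any]) -> dict[str, Any]:
    return schema.get("properties", {}).get("tools_config", {})


def over_required_tools(schema: dict[str, Any]) -> list[str]:
    """Integrations a study cannot omit. More than one is a red flag: each one
    forces a credential and a provisioned resource even when unused."""
    return sorted(tools_config_schema(schema).get("required", []))


def relax_tool_requirements(schema: dict[str, Any]) -> dict[str, Any]:
    """Corrected copy: no integration is mandatory, at least one must be
    configured, unknown integration names are rejected. Each per-tool
    sub-schema still applies whenever that tool is present."""
    relaxed = copy.deepcopy(schema)
    tc = tools_config_schema(relaxed)
    tc.pop("required", None)
    tc["minProperties"] = 1
    tc["additionalProperties"] = False
    return relaxed


def missing_tool_configs(brief: dict[str, Any], schema: dict[str, Any]) -> list[str]:
    """Minimal check of the tools_config rules (required, minProperties,
    additionalProperties, per-tool required keys) without a jsonschema
    dependency. Returns problems found; an empty list means acceptable."""
    tc = tools_config_schema(schema)
    configured = brief.get("tools_config", {})
    problems = [f"missing:{t}" for t in tc.get("required", []) if t not in configured]
    if len(configured) < tc.get("minProperties", 0):
        problems.append("missing:<at least one tool>")
    for name, cfg in configured.items():
        sub = tc.get("properties", {}).get(name)
        if sub is None:
            if tc.get("additionalProperties", True) is False:
                problems.append(f"unknown:{name}")
            continue
        problems += [f"missing:{name}.{k}" for k in sub.get("required", []) if k not in cfg]
    return problems


if __name__ == "__main__":
    notion_only = {"tools_config": {"notion": {"database_id": "db_123"}}}
    print("over-required:", over_required_tools(SAMPLE_SCHEMA))
    print("original schema:", missing_tool_configs(notion_only, SAMPLE_SCHEMA))
    print("relaxed schema:", missing_tool_configs(notion_only, relax_tool_requirements(SAMPLE_SCHEMA)))
```

Run over_required_tools against the skill's actual schema file; a result longer than one entry is the provisioning problem the scanner flags. The relaxed form is what to propose to the author: minProperties keeps a brief from silently configuring nothing, and additionalProperties rejects typos such as "notions" instead of accepting them as an unknown tool.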
Instruction Scope
ok: SKILL.md and the included prompts/recipes explicitly constrain actions to participant management, consent capture, API-based messaging (email/slack/notion), secure storage of raw artifacts, redaction before synthesis, and audit logging. The instructions explicitly prohibit shell access and secret exfiltration, and do not instruct reading unrelated files or system credentials. Follow-up and multimedia rules are scoped and privacy-focused.
Install Mechanism
ok: This is an instruction-only skill (no install spec, no code files). That minimizes surface area: nothing is downloaded or written by the skill bundle itself.
Credentials
note: Declared env vars (profile selector, raw/report storage paths, redaction salt) are appropriate for the function. RESEARCH_REDACTION_SALT is a sensitive secret used for deterministic redaction and must be protected and rotated like other secrets. Conditional third-party tokens (Notion, Slack, Email provider, Linear, GitHub) are appropriate only when those integrations are enabled; the skill explicitly instructs to leave tokens unset for disabled integrations (good). Verify that the credentials backing RESEARCH_STUDY_STORAGE_RAW_PATH and REPORTS_PATH are scoped to those locations and grant no broader cloud permissions than necessary.
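Both the Guidance point on secrets and the Credentials note above hinge on what "deterministic redaction with a salt" means in practice: the same participant must collapse to the same token across diary entries, yet a reader of the reports must not be able to confirm a guessed identity. The following is an added example, not code from the Continuous User Research skill. It assumes the salt is read from the RESEARCH_REDACTION_SALT environment variable the scanner names, that the identifiers to redact are e-mail addresses plus a roster of display names keyed by e-mail, and that tokens are built with HMAC-SHA256 (the skill's actual redaction scheme is not shown on this page). The diary text and roster are constructed; weak_pseudonym and reidentify exist only to show why an unkeyed hash is not redaction.

```python
"""Deterministic, salted redaction of participant identifiers.

Added example, not the skill's own code. Assumes RESEARCH_REDACTION_SALT holds
the salt and that HMAC-SHA256 is the keyed function; sample data is constructed.
"""
import hashlib
import hmac
import os
import re
from typing import Iterable, Mapping, Optional

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
MIN_SALT_LEN = 32


def load_salt(env: Mapping[str, str] = os.environ) -> bytes:
    """Read the salt from the environment; refuse a missing or short one."""
    raw = env.get("RESEARCH_REDACTION_SALT", "")
    if len(raw) < MIN_SALT_LEN:
        raise RuntimeError("RESEARCH_REDACTION_SALT missing or shorter than %d chars" % MIN_SALT_LEN)
    return raw.encode()


def pseudonym(identifier: str, salt: bytes) -> str:
    """Keyed, deterministic token: HMAC-SHA256 over the normalised identifier.
    Deterministic so one participant links across entries; keyed so a reader
    of the reports cannot confirm a guessed identity without the salt."""
    mac = hmac.new(salt, identifier.strip().lower().encode(), hashlib.sha256)
    return "P-" + mac.hexdigest()[:12]


def weak_pseudonym(identifier: str) -> str:
    """The anti-pattern: an unkeyed hash. Looks redacted, but any roster or
    mailing list can be hashed and matched against the reports."""
    return "P-" + hashlib.sha256(identifier.strip().lower().encode()).hexdigest()[:12]


def reidentify(token: str, candidates: Iterable[str], salt: Optional[bytes] = None) -> Optional[str]:
    """Dictionary attack: recompute tokens for candidate identifiers. Without
    the salt the attacker can only try the unkeyed form."""
    for cand in candidates:
        guess = pseudonym(cand, salt) if salt is not None else weak_pseudonym(cand)
        if hmac.compare_digest(guess, token):
            return cand
    return None


def redact(text: str, roster: Mapping[str, str], salt: bytes) -> str:
    """Replace e-mail addresses and roster display names (keyed by e-mail) with
    the same per-participant token, so name and address collapse to one pseudonym."""
    out = EMAIL_RE.sub(lambda m: pseudonym(m.group(0), salt), text)
    for email, name in roster.items():
        token = pseudonym(email, salt)
        out = re.sub(re.escape(name), lambda _m, t=token: t, out, flags=re.IGNORECASE)
    return out


def leaks_salt(blob: str, salt: bytes) -> bool:
    """Guard for log lines and prompts: the salt value must never appear in them."""
    return salt.decode() in blob


if __name__ == "__main__":
    salt = load_salt({"RESEARCH_REDACTION_SALT": "k" * 40})  # constructed salt
    roster = {"alice@example.org": "Alice Example"}  # constructed roster
    entry = "Alice Example wrote: contact alice@example.org or bob@example.com"
    print(redact(entry, roster, salt))
```

Two consequences follow from the keyed construction. Rotating the salt re-keys every participant at once, so rotate at study boundaries (or re-run redaction from the raw store under the new salt) rather than mid-study, otherwise entries stop linking. And the salt is exactly as sensitive as the raw identifiers: the reidentify function succeeds against the unkeyed form with nothing but a mailing list, and against the keyed form as soon as the salt shows up in a log line or prompt, which is what the leaks_salt guard is for.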
Persistence & Privilege
ok: The always flag is false, and the skill does not request permanent platform-level privileges or changes to other skills. No install tasks or modifications of other skills are present.