Skill v1.3.2
ClawScan security
ClawdGo · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Apr 7, 2026, 4:21 AM)
- Verdict
- Benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- This is an instruction-only training skill whose declared behavior (managing a local profile, writing runtime files, and maintaining an anchored block inside soul.md) is coherent with its stated purpose, but it writes persistent agent memory files so you should review and allow those writes intentionally.
- Guidance
- What to consider before installing:
  - This skill intentionally writes persistent files: runtime/clawdgo-profile.json, runtime/clawdgo-state.json, runtime/my-scenarios/, and may inject/replace an anchored block inside your global soul.md. That modifies the agent's persistent memory and can change behavior across sessions.
  - The seed files that will be written are bundled with the skill (references/seed/*). Review their contents (they are included) and back up your existing soul.md and any runtime/ files before first run.
  - If you do not want third-party skills to modify soul.md, do not enable automatic writes — ask the agent to perform writes only after explicit confirmation.
  - The skill does not request credentials or perform external downloads, which lowers external-exfiltration risk, but persistent memory writes are high-privilege by nature; grant them only if you trust the skill's origin and content.
  - If anything about the written content or the behavior seems unexpected, uninstall the skill and restore your backed-up soul.md and runtime files.
- Findings
[no-regex-findings] expected: Scanner had no code files to analyze (instruction-only). This is expected; absence of findings does not eliminate risk because runtime behavior is driven by SKILL.md directives.
Review Dimensions
- Purpose & Capability
- ok: The skill is a persistent 'training camp' for an agent and the runtime requirements (reading seed data, keeping a profile, saving scenarios) align with that purpose. It does not request unrelated credentials or binaries.
- Instruction Scope
- note: SKILL.md instructs the agent to read bundled seed files and create/maintain runtime files (runtime/clawdgo-profile.json, runtime/my-scenarios/, runtime/clawdgo-state.json) and to attempt to inject a bounded anchor block into soul.md. These file operations are within the skill's stated domain (profile/memory management), but they are persistent and affect the agent's memory — review the exact content being written (seed files are included) before allowing.
- Install Mechanism
- ok: No install spec or external downloads; instruction-only skill (no code executed from external URLs). This lowers supply-chain risk.
- Credentials
- ok: The skill requires no environment variables, binaries, or external credentials. It does not request unrelated secrets or network credentials in its metadata.
- Persistence & Privilege
- concern: Although always:false and autonomous invocation is allowed by default, the skill writes persistent state into the agent's memory (soul.md anchor replacement, runtime profile/state files, and scenario drafts). Writing to soul.md is a sensitive capability because it can change behavior across sessions; confirm you trust the included seed content and the anchor replacement rules before enabling automatic writes.
