Skill v1.0.0

ClawScan security

Faktum Android · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review date: Apr 19, 2026, 12:01 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini

Summary
The skill is coherent with Android development work but its runtime instructions tell the agent to read multiple specific local files (project vaults and a personal 'memory' file) that could contain sensitive data even though no credentials or install steps are declared.
Guidance
This skill appears to do what it says (an Android dev session) but it asks the agent to read multiple local documents and a 'memory' file at startup. Before installing, consider:
1) Inspect the referenced files (~/Documents/ntriq-vault/*, ~/Documents/Projects/faktum-news/*, ~/.claude/projects/*) to ensure they contain no secrets, tokens, or private keys.
2) Limit the agent's filesystem access or run it in an isolated/dev environment if possible.
3) Confirm you trust the chained 'android-cli' and other official skills mentioned.
4) If you don't want the agent to access your vault or memory, remove or redact those Read instructions from SKILL.md.
5) Because the skill's context is shared across multiple AI directories and a synced Obsidian vault, be cautious about any accidental propagation of sensitive information.
If you want safer operation, require explicit user approval before the agent reads any local files.
Findings
[no-code-files-to-scan] expected: The repository contains only SKILL.md (instruction-only). The regex scanner had no files to analyze; this is expected for an instruction-only developer assistant but means static-scan signal is limited.

Review Dimensions

Purpose & Capability
ok: Name/description (Faktum Android dev session) matches the instructions: create/run Android project, reuse Faktum web API, and chain official android-cli/navigation/edge-to-edge skills. The declared purpose reasonably explains the listed actions and tools.
Instruction Scope
concern: The SKILL.md explicitly instructs the agent to 'Read' several user-local paths at startup (e.g. ~/Documents/ntriq-vault/wiki/..., ~/Documents/Projects/faktum-news/app/api/, ~/.claude/projects/.../project-faktum-news.md). Those files may contain sensitive project secrets, tokens, or other private data. The skill does not declare or justify broad filesystem access in its metadata; the instructions grant the agent broad discretion to access user documents and a 'memory' file.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files. This is lower installation risk because nothing is downloaded or written by the skill itself.
Credentials
note: No environment variables, credentials, or config paths are declared as required. However, the SKILL.md references local config and memory files that could include secrets. The lack of declared credentials is proportionate to the described Android dev purpose, but reading undeclared local files increases the effective access surface.
Persistence & Privilege
note: The skill is not always:true and does not request persistent privileges. SKILL.md notes that related official skills and this wrapper are copied into multiple AI directories and that an Obsidian vault is synced across systems; this cross-agent/context propagation increases blast radius if sensitive files are read, but the skill itself does not modify other skills or set always:true.