Skill v1.1.1
ClawScan security
[Nyx Archive] Art Philosophy · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict: Suspicious (Feb 23, 2026, 7:15 PM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (learning your visual language) is plausible, but the runtime instructions ask the agent to 'passively' observe broad personal conversations and creative output with no clear boundaries, retention policy, or safeguards — a privacy and scope mismatch that should be clarified before use.
- Guidance: This skill's aim (learning your visual language) is reasonable, but its instructions ask the agent to passively monitor a lot of personal content without specifying limits. Before installing, ask the developer:
  1. Exactly what data will the skill read (chat messages, uploaded images, file contents)?
  2. Is passive/always-on monitoring actually implemented, or is learning limited to explicit user-invoked sessions?
  3. Where is learned data stored, for how long, and who can access or delete it?
  4. Does the skill ever send user data to external services or endpoints?
  5. Can you disable autonomous invocation or passive learning per user/agent?

  If you cannot get clear, written answers, treat this as a privacy risk: prefer running it in a sandbox, disable autonomous invocation (if possible), or only enable it for short, explicit sessions. I have medium confidence because the skill is instruction-only (no code to inspect) and part of the SKILL.md was truncated; reviewing the complete commands section and any implementation details could raise or lower the risk assessment.
Review Dimensions
- Purpose & Capability (note): Name and description match the SKILL.md: the skill claims to learn a user's visual language and provide tailored art-philosophy guidance. Observing how a user talks about art and what they create is coherent with that goal.
- Instruction Scope (concern): The SKILL.md explicitly instructs 'Passive Learning (Always On)' and to 'observe and note' a wide range of personal signals (conversation tone, decision patterns, creative process). These instructions are vague about what data is captured, whether images or private messages are included, how often learning runs, and where data is stored or sent. That grants broad discretionary access to user content and context beyond a single invocation.
- Install Mechanism (ok): Instruction-only skill with no install spec, no binaries, and no code files — lowest install risk.
- Credentials (ok): The skill requests no environment variables, credentials, or config paths, which is proportionate. However, the SKILL.md's passive-collection guidance implies it will use runtime access to user messages and content; that operational access isn't declared in metadata and should be clarified.
- Persistence & Privilege (concern): Metadata does not set always:true (good), but the instructions ask for 'Always On' passive learning. The mismatch means the skill could be implemented to monitor across sessions or be invoked autonomously to aggregate user data. Autonomous invocation is allowed by default, increasing the potential blast radius. There is no guidance about storage, retention, opt-out, or how to disable passive learning.
