Skill v1.1.0

ClawScan security

Self Improving Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 5, 2026, 5:48 AM
Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary
Files, scripts, and hook handlers match the stated purpose of capturing and promoting development learnings; nothing requests unrelated credentials or performs covert networking or writes outside the workspace without user action.
Guidance
This skill appears to do what it claims, but review and control how you enable it:
1) Inspect the scripts (activator.sh, error-detector.sh, extract-skill.sh) before enabling hooks to confirm behavior.
2) Prefer project-level hook configuration (not global ~/.claude) if you want to limit automatic executions.
3) Note extract-skill.sh will create files under ./skills/ when run (it prevents absolute/../ paths).
4) error-detector reads CLAUDE_TOOL_OUTPUT (it may contain command output — avoid logging secrets into .learnings/).
5) Run scripts/check_env.sh manually to verify paths and permissions in your workspace before enabling automated hooks.

Review Dimensions

Purpose & Capability
ok: Name/description align with included files: reminder hook, activator, error detector, extraction helper, and templates. The skill does not request unrelated credentials or binaries and the provided handlers/scripts implement the stated capture-and-promote workflow.
Instruction Scope
note: SKILL.md and references instruct installing hooks and running scripts that output reminders and optionally create skill scaffolds. The error-detector reads the CLAUDE_TOOL_OUTPUT env var (expected for a PostToolUse hook). The extract-skill.sh script does create files under a relative ./skills/ directory when run (it has safeguards against absolute or ../ paths). Be aware hooks can be configured at user-level (~/.claude) which makes the activator run more broadly — this is a functional choice but increases execution surface.
Install Mechanism
ok: No remote downloads or install steps; instruction-only skill with bundled scripts and hook handlers. There is no installer that fetches remote code or writes binaries to unexpected locations.
Credentials
ok: No credentials or sensitive environment variables are requested. The only environment usage of note is error-detector.sh reading CLAUDE_TOOL_OUTPUT (a platform-provided variable containing tool output) and check_env.sh inspecting local paths — both are proportionate to detecting and logging errors.
Persistence & Privilege
note: always is false and the hook handler injects a virtual bootstrap file (no persistent modification). However, enabling hooks at user-level or project-level will cause the activator/error-detector scripts to run automatically on configured events; enabling globally increases runtime frequency and blast radius, so prefer project-scoped configuration if you want limited scope.