Skill v1.0.1

ClawScan security

Relational Permission · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 7:06 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
This skill is an instruction-only safety policy document that aligns with its name and requests no credentials, binaries, or installs — nothing in the package contradicts its stated intent.
Guidance
This skill is essentially a policy template: low technical risk because it contains no code, installs, or secrets. Before installing, confirm how the agent will implement these rules in practice: 1) ask the integrator to define terms such as R3–R4 and 'predicted impact' so crisis triggers are not ambiguous; 2) verify there is no hidden code elsewhere that implements inference, logging, or profiling (the SKILL.md forbids persistence, but enforcement depends on implementation); 3) request auditability or tests showing that no state is persisted and no telemetry is produced from refusals or silence; and 4) ensure the policy cannot be repurposed to silently block lawful collective actions. If you need stronger guarantees, require a concrete, auditable implementation (code or hooks) that enforces these invariants rather than relying on high-level prose.

Review Dimensions

Purpose & Capability
ok: The name 'Relational Permission' and the SKILL.md content both describe behavioral/safety invariants. The skill requires no env vars, binaries, or installs, which is appropriate for a policy-only skill.
Instruction Scope
note: The instructions are high-level normative rules about agent behavior (silence handling, anti-profiling, crisis carve-outs). They do not instruct the agent to read files, call external endpoints, or access credentials. However, some language (e.g., 'inference layer may activate', 'predicted impact') is vague and leaves discretionary implementation choices to the agent—this could lead to inconsistent or overbroad behavior unless clarified or constrained in implementation.
Install Mechanism
ok: No install spec and no code files; nothing is written to disk. This is the lowest-risk install posture for a skill.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. There is no disproportionate request for secrets or platform access.
Persistence & Privilege
ok: The skill is not always-enabled and does not request persistent storage. The document explicitly prohibits profiling and persistent state. Normal autonomous invocation is allowed by platform defaults but is not a unique privilege of this skill.