Skill v0.3.0

ClawScan security

Skill Evolver Pro - 技能进化器专业版 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 17, 2026, 6:15 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, runtime instructions, and requested resources are consistent with a local skill-evolution/analysis tool that persists state to disk; it does not request credentials, run external downloads, or contain obvious exfiltration or unrelated capabilities.
Guidance
This skill appears to be a local, file-backed analysis and planning tool and is internally consistent with its description. It does persist state and logs to disk: by default inside the skill's data folder, or to whatever dataDir you pass in. Before installing or using it: (1) review where dataDir will point, and avoid giving it system or home root paths so it can't read/write unintended files; (2) confirm you will only supply non-sensitive usage data (usageStats, errorLogs, userFeedback) to the pipeline; (3) understand that the 'deploy' and 'implement' steps are stubbed placeholders in the code (it generates plans and reports but does not autonomously modify other skills or push to external registries); (4) review the code if you plan to run this in a privileged environment. No credentials or network endpoints are requested by the skill, so credential leakage risk from the package itself is low.

Review Dimensions

Purpose & Capability: ok
Name/description (skill evolution, analysis, state machine, persistence, pipeline) match the provided source files (state machine, file-store, pipeline, strategies, report factory). The code implements analysis, planning, eventing and local persistence, all coherent with the stated purpose. There are no unexpected external service credentials or unrelated binaries required.
Instruction Scope: note
SKILL.md and examples instruct the agent to analyze provided usage data, generate plans, and persist/restore state from a local data directory. The instructions do not direct the agent to read unrelated system files, network endpoints, or other skills' credentials. Note: the pipeline accepts a dataDir parameter (user-supplied) and FileStore will read/write under that baseDir; this behaviour is expected, but you should avoid passing a baseDir that points to sensitive system locations.
Install Mechanism: ok
No install spec or remote download is present; the skill is instruction/code-only in the bundle. All code is local JS files; there is no code that pulls arbitrary remote archives or runs child_process/exec. This is a low-risk install posture from the skill registry perspective.
Credentials: ok
The skill requires no environment variables, no credentials, and no external config paths. All file I/O is scoped to the skill's data directory (FileStore baseDir). No secrets (TOKEN/KEY/PASSWORD) are requested.
Persistence & Privilege: note
The skill persists state and logs to disk (default data path is a 'data' folder in the package, but examples show a user-configurable dataDir). It does not request 'always: true' and does not modify other skills' configurations. As a precaution, when invoking, do not pass a dataDir that is an OS root or other sensitive path (doing so would allow the skill to read/write files under that directory).