Skill v1.0.0
ClawScan security
Proactivity.BAK · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 5, 2026, 3:59 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions are mostly coherent and limited to local state under ~/proactivity, but metadata inconsistencies and the fact it will read/work with workspace files (even if only with approval) warrant caution.
- Guidance: This skill appears to do what it says: keep a local proactive state in ~/proactivity/ and only touch other workspace files with explicit approval. Before installing: 1) ask the publisher to explain the metadata mismatches (ownerId, slug, and version) and confirm which package is the authoritative one; 2) review any workspace snippets the skill proposes before approving writes to AGENTS/TOOLS/SOUL/HEARTBEAT; 3) be aware that the skill will store local notes which might include sensitive info — consider whether ~/proactivity/ is an appropriate location and whether you want the recommended file permission changes; 4) if you need higher assurance, request a signed/verified release or run the skill in a sandboxed environment first.
Review Dimensions
- Purpose & Capability (note): The declared purpose (make the agent more proactive) aligns with the files it reads/writes (~/proactivity/). However there are packaging/metadata inconsistencies: registry Owner ID (kn7d3335...) does not match _meta.json ownerId (kn73vp5...), the skill slug/name (Proactivity.BAK) differs from SKILL.md slug (proactivity), and published/versions differ (registry lists v1.0.0; SKILL.md and _meta.json show v1.0.1). These mismatches could be benign (packaging or backup variant) but should be clarified.
- Instruction Scope (ok): SKILL.md instructs only local operations in ~/proactivity/ and to read workspace files (AGENTS/TOOLS/SOUL/HEARTBEAT) only when user requests integration. It explicitly requires showing diffs and asking approval before writing outside ~/proactivity/. No network calls or secrets are requested in the instructions.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files. No downloads or archives — lowest-risk install profile.
- Credentials (ok): The skill requests no environment variables, no binaries, and no credentials. It stores local notes in ~/proactivity/ which may contain sensitive details depending on user use — this is expected but worth noting.
- Persistence & Privilege (ok): always is false and the skill is instruction-only. It creates and manages a local folder (~/proactivity/) and asks for explicit approval before touching workspace files. No elevated privileges requested.
