ClawHub
Back to skill
v0.1.0-beta.1

AURA

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:12 AM.

Analysis

AURA is a coherent, instruction-only personality configuration skill, with the main caution that it creates a persistent workspace file that can influence future agent behavior.

GuidanceThis skill appears safe to install if you want persistent personality settings. Before using it, review the AURA.yaml it creates, be cautious with high autonomy settings, and make sure any AGENTS.md startup loading rule only applies in workspaces you trust.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
SeverityLowConfidenceHighStatusNote
SKILL.md
"How much should I act on my own vs ask permission?" ... "autonomy | Asks permission | Acts independently"

The skill explicitly allows the user to tune how independently the agent behaves. This is central to the personality configuration purpose, but it can affect when the agent asks for permission.

User impactA high-autonomy profile may make the agent more willing to proceed without asking, even though no code or privileged tool use is included in this skill.
RecommendationKeep autonomy settings conservative for sensitive work, and continue requiring explicit approval for impactful actions.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
"Creates or updates `AURA.yaml` in workspace" and "If AURA.yaml exists in workspace, read it at session start and apply the personality traits to all responses."

The skill stores persistent personality instructions in a workspace file and recommends loading them at future session startup. This is disclosed and purpose-aligned, but the file becomes reusable context that can shape later behavior.

User impactAnyone or anything that changes AURA.yaml in the workspace could influence the agent's future response style for that workspace.
RecommendationUse this only in trusted workspaces, review AURA.yaml before relying on it, and avoid placing unrelated instructions or secrets in the file.