Back to skill
Skillv0.1.1
ClawScan security
StageWhisper Assistant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 25, 2026, 9:11 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only assistant for handling live-call follow-up tasks and its requirements and instructions are internally consistent with that purpose.
- Guidance
- This skill is coherent and low-risk as written, but because it instructs the agent to act immediately and not to ask clarifying questions, you should: (1) limit the agent's real-world permissions (email/calendar/CRM) until you've tested it; (2) enable logging/auditing of actions the agent takes; (3) consider requiring human approval for high-impact tasks (sending emails, creating calendar events, or changing records); and (4) test in a sandboxed environment first to confirm behavior matches your expectations.
Review Dimensions
- Purpose & Capability
- okName and description (handle StageWhisper live-call tasks) match the SKILL.md instructions; there are no unexpected env vars, binaries, or install steps requested.
- Instruction Scope
- noteInstructions stay within the stated purpose (research, draft, schedule, lookup, notify). Two operational points to note: it tells the agent to "start working immediately" and to "not ask clarifying questions back through the channel," which is consistent with live-call behavior but increases the chance of acting without further confirmation. The skill also explicitly forbids running shell commands or making system changes unless asked.
- Install Mechanism
- okInstruction-only skill with no install spec or code files — nothing is written to disk and there is no external code download risk.
- Credentials
- okNo environment variables, credentials, or config paths are requested. The skill does not ask for access beyond what a live-call task processor would reasonably need.
- Persistence & Privilege
- okalways is false and the skill does not request persistent system-level privileges or to modify other skills or agent-wide settings.