Skill v0.1.1
ClawScan security
Recursive Swarm · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 6, 2026, 3:39 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and requirements are coherent with its stated purpose: it manages a bounded task-tree on local disk and provides helper scripts for orchestration without requesting credentials or external installs.
- Guidance: This skill appears to do exactly what it says: local, bounded orchestration stored in a run folder. Before using it: (1) run the scripts in a dedicated directory (do not point runs-dir at system or sensitive folders); (2) review the Python files (they only read/write tree.json, events.jsonl, and node files) to confirm they meet your policy; (3) be cautious when creating 'ops' or 'browser' nodes or configuring executors that allow subagents/direct tools — those child executors (not these scripts) could perform network or shell actions if the agent has such tools enabled; (4) no secrets are requested by this skill, so do not supply credentials into the run directory or node artifacts. If you need higher assurance, test with a small harmless run first and inspect events.jsonl and nodes/* after execution.
Review Dimensions
- Purpose & Capability: ok. The name/description describe bounded recursive orchestration and the package contains scripts (init_run, upsert_node, mark_node, list_ready_nodes, merge_results, etc.) and schema files that directly implement that functionality. There are no unrelated env variables, binaries, or install steps requested.
- Instruction Scope: note. SKILL.md and the scripts confine behavior to creating and manipulating a run folder (tree.json, events.jsonl, nodes/*). The guidance references using 'subagents', 'ACP', or 'direct tools' for actual leaf execution; those are runtime choices outside these scripts and could enable external actions if the agent has such tools. The scripts themselves do not perform network I/O or read arbitrary system config; they only read/write files under the chosen run directory.
- Install Mechanism: ok. No install spec is provided (instruction-only skill). Code is shipped as plain Python scripts; nothing is downloaded or extracted from untrusted URLs. Users must run the included Python scripts locally, which is low-risk if run in an appropriate directory.
- Credentials: ok. The skill requires no environment variables, no credentials, and no config paths. The scripts operate on user-supplied run directories only. There are no requests for tokens, secrets, or unrelated cloud credentials.
- Persistence & Privilege: ok. 'always' is false and the skill does not request persistent platform privileges. It writes only into the run directory chosen by the user and does not modify other skills or system-wide agent settings.
