Skill v1.0.2

ClawScan security

logic · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 12, 2026, 4:52 PM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only reasoning aid that stores and maintains small text files under ~/logic/ — its requirements and actions align with its stated purpose and there are no requests for credentials, binaries, or external downloads.
Guidance
This skill is instruction-only and appears coherent with its stated goal: it will create and maintain a small workspace at ~/logic/ and write plain-text files (principles, patterns, cases, heartbeat state). Before installing, decide whether you are comfortable with a skill creating ~/logic/ and updating heartbeat-state.md. Optionally inspect the bundled files (principles.md, heartbeat-rules.md, setup.md) to confirm content matches your expectations. Note: metadata lists optional config paths like ./AGENTS.md and ./SOUL.md — these are not required by the skill but, if present in your environment, you should check their contents because the skill’s metadata references them. No credentials, external downloads, or network endpoints are requested by the skill.

Review Dimensions

Purpose & Capability
ok
The name and description promise structural reasoning support; the skill is instruction-only and provides patterns, principles, and a small local workspace (~/logic/) for cases, candidates, and heartbeat state. Nothing required (no env vars, no binaries, no network downloads) appears disproportionate to this purpose.
Instruction Scope
ok
Runtime instructions focus on initializing and reading/writing files under ~/logic/, maintaining heartbeat-state.md, and returning structured reductions before answering. The only file operations are confined to the declared workspace; the skill does not instruct the agent to read unrelated system files, environment variables, or send data to external endpoints. It does reference optional configPaths (./AGENTS.md, ./SOUL.md, ./HEARTBEAT.md) in metadata; these are not actively used in the instructions but you should review them if they exist in your environment.
Install Mechanism
ok
No install spec and no code files that would be downloaded or executed. This is low-risk: nothing is written outside the declared workspace except the suggested ~/logic/ directory and files within it.
Credentials
ok
The skill requires no environment variables, credentials, or external config paths. The declared configPaths target only a local workspace (~/logic/) and some optional local filenames; these are proportionate to a reasoning/memory aid.
Persistence & Privilege
note
The skill persists state in ~/logic/ (creates files such as principles.md, heartbeat-state.md, candidates.md, reflections.md). This is intended behavior for a reasoning workspace. It is not set to always: true and does not request elevated privileges, but installing it will create and update files in your home directory; review those files if you are concerned about local disk writes.