v1.0.0

complex-task-executor

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:23 AM.

Analysis

This instruction-only skill is coherent, but it requires the agent to write task lessons into memory in the background without clear user approval, retention, or sensitivity limits.

GuidanceInstall only if you want the agent to save reusable lessons from complex tasks into memory. Before using it on private code, business systems, or sensitive projects, require the agent to show exactly what it plans to remember and confirm that no secrets, confidential details, or one-off task data will be stored.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack

SeverityLowConfidenceHighStatusConcern

SKILL.md

Agent 必须严格按照以下三个阶段展开工作... 任务完成后... **强制使用 manage_core_memory 工具**将经验写入记忆。

The skill imposes a mandatory workflow and forced tool use as a stopping condition. The planning methodology is purpose-aligned, but the forced memory-write step could override a user’s preference not to store information.

User impactThe agent may treat saving memory as required even when the user only asked it to complete a task, creating a risk that user intent about persistence is not respected.

RecommendationState that user instructions and privacy preferences override the skill workflow, and require user approval before any memory-writing tool call.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusConcern

SKILL.md

在任务的最后一步，你**必须**调用 manage_core_memory 工具。... 记录在“调查研究”阶段发现的项目核心架构、约定俗成的规范。... 在后台调用 manage_core_memory

The skill mandates memory writes and can store project knowledge for later reuse, but the artifacts do not define consent, review, retention, deletion, or filtering rules for sensitive project information.

User impactInformation learned during a task, such as project architecture, conventions, dependencies, or mistakes, could be saved into agent memory and influence future tasks even if the user did not explicitly approve that storage.

RecommendationMake memory writes opt-in or require explicit confirmation, show the exact memory entry before saving, avoid secrets or sensitive project details, and provide a clear way to skip or delete saved memories.