Skill v1.0.0

ClawScan security

quantum-daily-tracker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 28, 2026, 12:22 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent: it describes an RSS-based paper tracker that reads/writes local files and produces daily summaries, and it does not request unrelated credentials, installs, or unusual system access.
Guidance
This skill appears to do what it says, but before installing: (1) confirm where the Dashboard will be stored and that the agent is allowed to write to quantum-tracker/ and memory/last-run.txt; (2) review how the agent decides "important" papers (vague selection logic could broaden what it fetches); (3) be aware it will fetch public RSS feeds (network access) — if you need confinement, run in a sandbox or restrict network permissions; (4) do a manual test run and inspect generated notes and Dashboard outputs to ensure no unexpected external posting or sensitive-data access occurs.
Findings
[STATIC_SCAN_NO_MATCHES] expected: The skill is instruction-only (SKILL.md) with no code files, so the regex-based scanner had nothing to analyze. This absence of findings is expected and does not imply the runtime instructions are safe by themselves.

Review Dimensions

Purpose & Capability
ok: Name/description (daily quantum paper tracking and Chinese notes) align with the instructions: RSS feeds are listed, selection and note-generation steps are described, and local storage paths are provided. Nothing requested or referenced is disproportionate to that purpose.
Instruction Scope
note: SKILL.md instructs the agent to read/write local files (memory/last-run.txt and quantum-tracker/Papers/*) and fetch public RSS feeds — all expected for a tracker. The instructions are somewhat high-level/ambiguous about how to choose "important" papers, how to implement the Dashboard, and how to perform parsing/formatting; that gives the agent broad implementation discretion but is not intrinsically incoherent. Users should verify where the Dashboard is stored and whether it posts data externally.
Install Mechanism
ok: No install spec and no code files are present (instruction-only). This is low-risk: nothing is written to disk by an installer and no external packages are fetched by the skill itself.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. The runtime instructions only reference local files under the skill's own workspace and public RSS URLs, which is proportionate to its stated function.
Persistence & Privilege
ok: always is false and the skill is user-invocable; it does not request permanent platform-level privileges or modify other skills' configs. It reads/writes files in a local project path (quantum-tracker/) and updates memory/last-run.txt — this is normal persistence for a scheduled tracker.