Back to skill
Skillv1.0.0
ClawScan security
Conversation Data Quality Analyzer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 25, 2026, 6:35 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and instructions are consistent with its stated purpose — it reads meeting notes/transcripts from the agent environment, classifies statements, and writes results; it does not request unrelated credentials or download/install code.
- Guidance
- This skill appears to do what it says: analyze transcripts and classify each statement. Before installing or invoking it, confirm that the agent environment contains only the conversation files you intend it to read (it will search for files like conversation-notes/, meeting-*.md, transcript-*.md, product-idea.md, etc.). The skill does not request external credentials or download code, but it does require file read/write access — avoid running it in environments containing unrelated sensitive files (private keys, secrets, or unrelated personal data). If you want tighter control, run the analysis on a copy of the transcript in a restricted workspace or paste only the text you want analyzed.
Review Dimensions
- Purpose & Capability
- okName/description (classify conversation statements as fact/compliment/fluff/idea) align with the declared inputs and the instructions. The skill only needs access to conversation text and optional supporting files (product idea, learning goals), which it explicitly looks for.
- Instruction Scope
- noteSKILL.md instructs the agent to search the environment for files (e.g., conversation-notes/, meeting-*.md, transcript-*.md, product-idea.md, question-script.md) and to read/persist analysis. This is coherent for post-hoc transcript analysis, but it does mean the agent will look through workspace files — review what is in the agent environment before running.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files. Nothing is downloaded or written to disk by an installer, reducing supply-chain risk.
- Credentials
- okNo environment variables, credentials, or config paths are requested. The only requested access is file read/write in the agent environment, which is proportionate to analyzing transcripts and saving outputs.
- Persistence & Privilege
- okalways:false and normal autonomous invocation settings. The skill requires Read/Write tools to operate (expected). It does not request permanent 'always' inclusion or modify other skills or system-wide settings.