Back to skill
Skillv0.1.0
ClawScan security
Proactive Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 11, 2026, 3:54 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's instructions are internally consistent with its goal of making an agent proactive, but it grants broad file-write and behavioral discretion that you should review before enabling in a real workspace.
- Guidance
- This skill is coherent with its stated purpose but exercises broad local-file and behavioral authority. Before installing or enabling it: (1) Inspect your workspace for files named in the doc (TOOLS.md, USER.md, SOUL.md, SESSION-STATE.md) and remove or relocate any secrets; (2) Do not run any scripts referenced by the skill (e.g., ./scripts/security-audit.sh) until you review their contents; (3) Limit the agent's network access or run it in an isolated/test environment while evaluating; (4) Back up important data so the skill's writes can't overwrite irreplaceable files; (5) Consider seeding SESSION-STATE.md with non-sensitive examples and verify what the agent writes there; (6) If you rely on other tools that store credentials in the workspace, either lock those files or exclude them from the agent's workspace. These steps will reduce the risk that the agent inadvertently reads or persists sensitive data while following the skill's proactive rules.
Review Dimensions
- Purpose & Capability
- okName/description (proactive, persistent, self-improving agent) align with the SKILL.md content: it instructs the agent to maintain working memory files (SESSION-STATE.md, MEMORY.md, etc.), run audits, and perform proactive behaviors. There are no unexpected env vars, binaries, or external service credentials requested that would contradict the stated purpose.
- Instruction Scope
- noteThe runtime instructions tell the agent to scan every message for triggers and to write/maintain many workspace files (SESSION-STATE.md, working-buffer.md, USER.md, SOUL.md, TOOLS.md, etc.). Quick Start also tells users/agents to run local commands (cp assets/*.md, ./scripts/security-audit.sh). These actions are consistent with a stateful agent but are broad: 'search all sources' and 'try 10 approaches' grant wide discretion, and writing persistent files can capture sensitive inputs. The skill does not explicitly instruct transmitting data externally, but the guidance is open-ended enough that how the agent implements 'search all sources' or 'resourcefulness' could access many data sources unless constrained.
- Install Mechanism
- okThis is instruction-only (no install spec and no code files), which is lowest-install risk. However, Quick Start references assets and scripts that are not included in the package (assets/*.md, ./scripts/security-audit.sh), so the agent or user may run or fetch additional artifacts outside this skill — review those before running.
- Credentials
- noteThe skill declares no required environment variables or credentials, which matches the package contents. That said, the workspace layout includes TOOLS.md ('Tool configurations, gotchas, credentials') and the instructions encourage reading and writing workspace files; the agent may therefore read credentials if they exist in the workspace. No external credentials are requested by the skill itself.
- Persistence & Privilege
- okalways:false (no forced global presence). The skill expects to write persistent workspace files and to be autonomously invoked (default behavior). This is expected for a stateful, proactive agent and is not by itself an elevated platform privilege.