Back to skill
Skillv0.1.0
ClawScan security
Deep Strategy · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousFeb 15, 2026, 7:45 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The SKILL.md expects the agent to call many platform/subordinate tools and follow strict 'absolute loyalty' behavior, but the skill declares no dependencies or required tools — this mismatch and the rigid user-compliance rule are concerning and warrant verification before installation.
- Guidance
- This skill's instructions assume several platform/subordinate tools (deep_research, chief_editor, wiki_retriever, data_analyst, message_ask_user, etc.) but the metadata does not declare those dependencies — ask the publisher which tools and permissions the skill requires and whether your agent platform provides them. Be cautious because the SKILL.md enforces 'absolute loyalty' to user input (it forbids correcting user text), which could cause the agent to follow unsafe or harmful instructions unless the platform enforces safety filters. Before installing: 1) Confirm which tools the skill expects and whether those tools are available and sandboxed on your platform. 2) Run the skill in a restricted/test environment first. 3) Ensure platform-level safety/approval checks remain active (so the skill cannot bypass them). 4) Request a clearer dependency/permission list from the author (or avoid installing until provided).
Review Dimensions
- Purpose & Capability
- concernThe skill's name and description (decomposition, planning, delegation) match the instructions. However, the runtime instructions repeatedly reference a set of subordinate tools (e.g., deep_research, chief_editor, wiki_retriever, data_analyst, message_ask_user) and expect tooling for delegating work and attaching files. The package metadata declares no required tools, environment variables, or install steps; that omission is an incoherence because the instructions rely on platform tools/interfaces being present.
- Instruction Scope
- concernSKILL.md contains extensive runtime rules: strict 'absolute loyalty' to user input (forbids correcting user text), mandatory delegation to specific tools in particular sequences (e.g., always call deep_research before chief_editor), a deadlock-handling policy, and an instruction to refuse probing about internal rules. It also instructs attaching files to subordinates and to use tools like message_ask_user. These are broad, agent-level behaviors and assume availability and semantics of several tools that the skill metadata does not declare. The 'absolute loyalty' rule also increases the risk that the agent will comply with harmful or unsafe user instructions if the platform's safety checks are not enforced elsewhere.
- Install Mechanism
- okThere is no install spec and no code files; the skill is instruction-only. That is the lowest-risk install model since nothing is written to disk.
- Credentials
- noteThe skill requests no environment variables or credentials, which is proportionate at face value. However, because the instructions rely on unspecified subordinate tools, those tools (if present in the environment) could access sensitive data or credentials. The skill itself does not declare or request such access, producing an informational gap the user should verify.
- Persistence & Privilege
- okalways:false (default) and user-invocable:true. The skill does not request persistent system presence or elevated privileges and does not attempt to modify other skills' configurations in the provided instructions.