Skill v1.0.0

ClawScan security

Midas Skill — Self-Learning Wealth Extraction Engine · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Apr 9, 2026, 7:18 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (mining personal signals from your daily life) is plausible given its instructions, but it asks for broad, sensitive inputs and declares persistent, cumulative learning without documenting where or how data is stored or how consent and retention are handled. That mismatch, together with the skill's very open-ended instructions, is both a privacy and a coherence concern.
Guidance
Before installing or using this skill, consider the following:
1) Privacy scope: the skill is designed to aggregate highly sensitive personal data (chats, browsing history, photos, receipts). Only provide data you are comfortable having stored and analyzed across sessions.
2) Ask the developer (or platform) where Midas stores its cumulative memory, how to view exported personal data, and how to delete it permanently.
3) Avoid giving the skill credentials (Slack tokens, browser sync access, cloud keys); prefer pasting sanitized excerpts instead of granting connector access.
4) Confirm whether the skill sends data to external endpoints or third-party services; the SKILL.md does not document any network endpoints.
5) If you need the capability but want lower risk, limit inputs to de-identified samples and remove PII before submitting.
6) If you have strict privacy or regulatory constraints (workplace data, customer PII, health or financial data), do not use this skill until its data handling and retention policies are explicit.
7) The skill is instruction-only (no install), which reduces code-execution risk, but the high potential for long-term, cross-context aggregation of sensitive data is the primary concern.

Review Dimensions

Purpose & Capability
note: The skill claims to extract 'wealth signals' from Slack threads, photos, browsing history, purchases, etc. Asking for those kinds of inputs is coherent with the stated purpose. However, the skill also claims to be 'self-learning' and to 'not reset between sessions' (cumulative memory), yet the registry metadata and spec declare no storage, no persistence mechanism, and no required config or credentials for connectors. That gap is noteworthy.
Instruction Scope
concern: SKILL.md instructs the agent to accept ANY daily-life input (Slack threads, screenshots, photos, browsing logs, purchase logs) and to cross-reference it across sessions. The instructions are open-ended ('feed Midas ANY input') and give the agent broad discretion to aggregate, retain, and reuse sensitive personal data. The document specifies no consent, retention limits, anonymization, or storage location, and does not limit which files, paths, or external connectors may be used. This grants the skill a wide implicit data-collection scope and creates a privacy risk.
Install Mechanism
ok: There is no install spec and no code files to execute; the skill is instruction-only. That reduces supply-chain risk because nothing is downloaded or installed. The manifest contains many reference content files (methodology, examples) but no executable artifacts.
Credentials
note: The skill requests no environment variables, binaries, or config paths, which is consistent with an instruction-only skill that expects the user to supply inputs. In practice, though, its functionality (mining Slack, browsing history, photos) would commonly require connectors or tokens; the absence of any declared connector or credential is either a deliberate design in which users paste data manually or an omission. Either way, it reduces transparency about where sensitive credentials would be needed if the skill were later extended.
Persistence & Privilege
concern: SKILL.md explicitly states 'Midas does not reset between sessions. Every input builds on every previous input.' The skill metadata declares no persistence, storage locations, or data-lifecycle controls. Persistent aggregation of personal data across sessions is a significant privilege. Although the skill does not request 'always: true', the combination of the autonomous-invocation default and the instruction to retain data increases the blast radius if the agent stores or reuses sensitive inputs without explicit user controls.
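The review dimensions above are essentially cross-checks between what SKILL.md says the skill does and what the registry metadata declares. The Python below is an added example of automating those checks; it is not ClawScan's own scanner code. The metadata field names (install, files, env, credentials, storage) and the sample SKILL.md excerpt, which reuses the phrases quoted in this report, are constructed for illustration and are not ClawHub's actual schema.

```python
"""Heuristic cross-check of a skill's SKILL.md text against its registry metadata.
Added example modelled on the review dimensions in this report; the metadata
keys used here are assumed for illustration, not ClawHub's real schema."""
import re
from dataclasses import dataclass

# Phrases that signal cross-session memory (as quoted from the reviewed SKILL.md)
PERSISTENCE_PATTERNS = (
    r"does not reset between sessions",
    r"builds on every previous input",
    r"\bcumulative\b",
    r"\bself-learning\b",
)
# Sensitive input categories the reviewer looks for in the instructions
SENSITIVE_INPUTS = {
    "chat threads": r"\bslack\b|\bchat\b",
    "browsing history": r"browsing (?:history|logs?)",
    "photos/screenshots": r"\bphotos?\b|\bscreenshots?\b",
    "purchases/receipts": r"\bpurchases?\b|\breceipts?\b",
}
EXECUTABLE_SUFFIXES = (".py", ".sh", ".js", ".ts", ".exe", ".bin")


@dataclass
class Finding:
    dimension: str
    level: str      # "ok" | "note" | "concern", as used by the report
    detail: str


def review_skill(skill_md: str, metadata: dict) -> list[Finding]:
    lower = skill_md.lower()
    findings: list[Finding] = []

    # Persistence & Privilege: memory claimed in prose but no storage declared
    claims_memory = any(re.search(p, lower) for p in PERSISTENCE_PATTERNS)
    if claims_memory and not metadata.get("storage"):
        findings.append(Finding("Persistence & Privilege", "concern",
            "instructions claim cross-session memory but metadata declares no storage or retention"))

    # Instruction Scope: open-ended 'ANY' input combined with sensitive categories
    requested = [name for name, pat in SENSITIVE_INPUTS.items() if re.search(pat, lower)]
    unbounded = re.search(r"\bANY\b", skill_md) is not None   # literal upper-case ANY, as written
    if unbounded and requested:
        findings.append(Finding("Instruction Scope", "concern",
            "accepts ANY input and names sensitive categories: " + ", ".join(requested)))

    # Install Mechanism: instruction-only skills have no install spec and no executables
    files = metadata.get("files", [])
    executables = [f for f in files if f.lower().endswith(EXECUTABLE_SUFFIXES)]
    if not metadata.get("install") and not executables:
        findings.append(Finding("Install Mechanism", "ok",
            "no install spec and no executable artifacts"))
    else:
        findings.append(Finding("Install Mechanism", "note",
            f"install spec or executables present: {executables or metadata.get('install')}"))

    # Credentials: mining these sources normally needs connectors; none declared is a gap
    declares_creds = bool(metadata.get("env") or metadata.get("credentials"))
    if requested and not declares_creds:
        findings.append(Finding("Credentials", "note",
            "mines " + ", ".join(requested) + " but declares no connectors or credentials"))
    return findings


def verdict(findings: list[Finding]) -> str:
    """Worst level wins: any concern sends the skill to human review."""
    levels = {f.level for f in findings}
    if "concern" in levels:
        return "review"
    if "note" in levels:
        return "note"
    return "ok"


# Constructed sample input: phrases taken from the report's quotations of SKILL.md
SAMPLE_SKILL_MD = """\
# Midas Skill
Feed Midas ANY input from your daily life: Slack threads, screenshots, photos,
browsing logs, purchase logs and receipts.
Midas does not reset between sessions. Every input builds on every previous input.
"""
SAMPLE_METADATA = {   # constructed; field names are assumptions for this example
    "version": "1.0.0",
    "install": None,
    "files": ["SKILL.md", "methodology.md", "examples.md"],
    "env": [],
    "credentials": [],
    "storage": None,
    "always": False,
}

if __name__ == "__main__":
    found = review_skill(SAMPLE_SKILL_MD, SAMPLE_METADATA)
    for f in found:
        print(f"{f.dimension}: {f.level} - {f.detail}")
    print("verdict:", verdict(found))
```

Run against the constructed sample, the checker reproduces the report's levels: concern for Persistence & Privilege and Instruction Scope, ok for Install Mechanism, note for Credentials, and an overall verdict of review. The keyword lists are deliberately narrow; a production scanner would treat them as a first pass and still route any persistence claim without a declared data lifecycle to a human reviewer.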