Skill v1.0.1
ClawScan security
Skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 13, 2026, 12:00 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requests and instructions align with its stated purpose: it only needs a single observe key to call api.clawtrace.ai and gives bounded runtime guidance for applying recommendations.
- Guidance: This skill appears coherent, but before installing consider: (1) CLAWTRACE_OBSERVE_KEY is sensitive—ensure the key has minimal scope and rotate/revoke it if needed; (2) confirm ClawTrace's privacy and tenant-isolation policies because using the skill will cause trajectory data (trace_ids/session context) to be analyzed off-host; (3) the skill suggests truncating conversation history and writing to MEMORY.md—make sure those local changes match your own data-retention policies; (4) limit calls (the skill already recommends not calling Tracy more than twice per session) to control cost and data exposure; and (5) if you need stronger assurance, ask the provider for docs on what data is transmitted and how it's stored/retained.
- Findings: [no-findings] expected: Regex scanner saw no code to analyze; this is an instruction-only skill, so empty scan results are expected. Review SKILL.md content instead (done above).
Review Dimensions
- Purpose & Capability (ok): Name/description (self-analysis of agent trajectories) match the declared requirement (CLAWTRACE_OBSERVE_KEY) and the runtime endpoint (https://api.clawtrace.ai/v1/evolve/ask). No unrelated binaries, credentials, or config paths are requested.
- Instruction Scope (note): SKILL.md contains concrete instructions for calling the ClawTrace SSE endpoint, parsing streamed 'text' events, and acting on recommendations (trimming history, writing a MEMORY.md entry). These actions are within the skill's purpose. The skill also claims 'Tracy has access to your real trajectory data' and 'respects tenant isolation'—these are statements about the remote service and cannot be verified locally, so you should confirm privacy/isolation guarantees from the provider before sending sensitive traces.
- Install Mechanism (ok): No install spec or code files are present; this is instruction-only, so nothing is written to disk by an installer. Lowest-risk installation profile.
- Credentials (ok): Only a single environment variable (CLAWTRACE_OBSERVE_KEY) is required, which matches the described authentication method. No unrelated secrets or multiple credentials are requested.
- Persistence & Privilege (ok): The skill is not forced-always and does not request elevated platform privileges. It instructs the agent to write to its own MEMORY.md (local record-keeping), which is normal and scoped to the agent.
