Skillv1.0.0

ClawScan security

Agent Ops Hardening · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 16, 2026, 1:33 PM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions and included audit script are consistent with a workspace hardening checklist; nothing indicates intentional misdirection or exfiltration, though there are small scope and declaration mismatches you should be aware of before running it.
Guidance: This skill appears to be what it says: a hardening checklist and a small workspace audit script. Before running: 1) Inspect scripts/harden-audit.sh yourself (it’s short and included). 2) Be aware the script looks for heartbeat-state.json in sibling/ home rick-vault locations — it will read local files outside the current directory if they exist, but it does not transmit them. 3) The README references tools like `trash`, `jq`, `grep` which are not declared as required; install or provide safe fallbacks if you expect them. 4) When verifying external services (tool pre-flight), do those test API calls manually or in a controlled environment so you don’t accidentally exercise production write operations or expose credentials. If you need higher assurance, run the audit in an isolated sandbox or with a copy of your workspace first.

Purpose & Capability: noteThe skill's purpose (production hardening) matches its content: policies, checklists, and a small audit script. However, the registry metadata lists no required binaries while SKILL.md and the script reference common CLI tools (trash, mv, grep, jq, ls). This is not dangerous but is an undeclared dependency that could affect behavior.
Instruction Scope: noteSKILL.md stays within hardening scope (checks/rotation/heartbeat/memory). The included script inspects workspace files (MEMORY.md, SOUL.md, USER.md, HEARTBEAT.md, TOOLS.md) as expected. One behaviour to note: the script searches for heartbeat-state.json in paths outside the explicit workspace (../rick-vault/... and $HOME/rick-vault/...). It only reads local files and prints findings (no network calls), but this means it can touch files in your home/parent dirs — worth reviewing if you expect strictly sandboxed checks.
Install Mechanism: okInstruction-only skill with a small shell script and no install spec; lowest install risk. No downloads or extract operations are performed.
Credentials: okThe skill requests no environment variables or credentials. SKILL.md recommends verifying external tool auth before use, but the skill does not ask you to provide or transmit secrets itself.
Persistence & Privilege: okalways is false and the skill does not request persistent system presence or modify other skills. It only contains advice and a local audit script.