Skill v0.2.1
ClawScan security
Executive · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 7, 2026, 2:15 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's instructions expect access to email, calendar, tasks, and news feeds and to act proactively, but the package declares no required credentials, config paths, or installation steps — the intended data access and delivery channels are not specified, which is an incoherence you should clarify before installing.
- Guidance
- Before installing, confirm exactly which accounts and files this skill will access and how it will deliver briefings (email, chat, calendar event, etc.). Ask the publisher to declare required connectors/credentials (email/calendar API tokens, file paths like TASKS.md, news sources) and to document what automatic actions the skill can take and when it will seek approval. If you proceed, apply least-privilege: grant the minimum connectors needed, restrict write/send permissions (require manual approval before sending messages or posting briefs), set/confirm quiet hours, test with non-sensitive data first, and enable audit logging so you can review what the skill reads and sends. If you cannot get clear answers about data sources and delivery channels, avoid installing or run it in a sandboxed environment.
Review Dimensions
- Purpose & Capability
- concern: The skill's stated purpose (C-suite briefings, schedule awareness, drafting, decision support) matches the runtime instructions, but those instructions assume access to inboxes, calendars, TASKS.md, and external news sources. The skill metadata declares no permissions, credentials, or config paths for these data sources, creating a mismatch between what it needs to do and what it requests.
- Instruction Scope
- concern: SKILL.md explicitly instructs the agent to check unread messages, upcoming meetings, a TASKS.md file, and to 'scan for news/events'. It does not define where to read messages or meetings from, how to find TASKS.md, or where briefings should be delivered — leaving broad discretion that could lead to reading/sending sensitive data without clear limits.
- Install Mechanism
- ok: Instruction-only skill with no install spec or code files — lowest install risk. Nothing will be written to disk by an installer from this package itself.
- Credentials
- concern: No environment variables, credentials, or config paths are declared, yet the instructions require access to sensitive sources (email, calendar, task file, external news). This absence of declared required access is disproportionate and leaves ambiguous which credentials/connectors the agent will use.
- Persistence & Privilege
- note: always is false (good), but the skill expects to run periodic 'heartbeat' checks and to act proactively. Autonomous invocation is normal for skills, but combined with the implicit need to read/send sensitive data, this increases the impact — you should confirm how and when heartbeats run and whether automatic delivery actions are gated by explicit approval.
