Skillv1.0.0

ClawScan security

Agent Self-Care · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 8, 2026, 12:52 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's actions (killing processes/sub-agents, rotating logs, writing retrospective files, and recommending frequent autonomous scheduling) are coherent with an 'agent self-care' purpose, but the runtime instructions lack scope limits, safety controls, and declared configuration/permission requirements — this raises reasonable risk concerns before installing or enabling automated runs.
Guidance: This skill appears to do what it says, but it grants broad control over agent sub-processes and can write/rotate logs and create retrospective files without clear safety boundaries. Before installing or enabling automated runs: 1) Confirm what the platform commands (subagents/process/session_status/cron) actually control and whether the skill will be allowed to terminate user-owned processes. 2) Require a dry-run or confirmation mode for destructive steps (killing processes, clearing cron artifacts). 3) Limit scope (e.g., only manage processes owned by the agent, restrict process age/criteria) and lower schedule frequency while testing. 4) Provide or request explicit config paths for where retrospectives/logs are written, and ensure audit logging is enabled. 5) Test in a staging environment first. If you cannot get answers about scope and safeguards, treat this skill as risky and avoid enabling autonomous frequent scheduling.

Review Dimensions

Purpose & Capability: okName and description match the behavior: the skill is explicitly for agent maintenance and its instructions call platform tools to list/kill sub-agents and processes, compact context, rotate logs, and record retrospectives. No unrelated capabilities or unexpected external services are requested.
Instruction Scope: concernSKILL.md instructs the agent to kill sub-agents and background processes, rotate logs >50MB, clear cron artifacts, and write retrospective files to memory/daily/YYYY-MM-DD.md. Those are powerful actions and the skill does not specify scope boundaries (which processes/sub-agents are safe to kill), opt-in/dry-run behavior, or exact file paths/permissions. It also recommends running every 5 minutes and being 'proactive', which grants broad discretion to act without user prompts.
Install Mechanism: okNo install spec and only a small included shell script (optimize.sh) — nothing is downloaded or extracted. Low installation risk. The script itself contains only echo/placeholder commands and a harmless cron action=list call with fallback text.
Credentials: okNo environment variables, credentials, or external endpoints are requested. However, the skill implies access to agent internals (subagents, process management, memory paths) without declaring required config paths or permissions, which should be clarified before use.
Persistence & Privilege: notealways:false (good) but the SKILL.md recommends a 5-minute cron schedule and the principle 'Don't wait for user to ask'. Enabling automated scheduling would give the skill ongoing authority to act frequently; this is potentially high-impact, so consider limiting schedule frequency and requiring explicit consent for destructive actions.