Skill v1.0.0

ClawScan security

Deep Dialogue System · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 6, 2026, 9:32 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions generally match a coaching assistant, but missing provenance and several instruction-level choices (hiding memory structure, presenting stored memories as the agent's own observations) are concerning and deserve review before use.
Guidance
This skill appears to do what it says (a coaching/multi-agent assistant) but has some red flags you should clear up before installing:
1) There is no source repository or homepage — ask the publisher for the full source or an auditable SKILL.md so you can review all instructions.
2) Confirm where memory_vN-1 and summary_vN-1 are stored, how long they persist, who can access them, and how to delete them.
3) The skill instructs the agent to present stored memory as its own observations and to 'never reveal the memory structure' — decide whether you are comfortable with that level of provenance-hiding.
4) Test the skill in a sandbox with non-sensitive data first and verify outputs (especially the JSON/XML analysis) and that no unexpected external communications occur.
5) Prefer skills with clear authorship, a code repository or homepage, and explicit privacy/retention policies.

Review Dimensions

Purpose & Capability
note: The name/description (multi-agent conversational coach + analysis + summary) aligns with the SKILL.md content. It is reasonable that the agent would use previous-session memory and produce JSON/XML outputs. However the package has no source/homepage and the registry metadata is minimal, which reduces accountability.
Instruction Scope
concern: The runtime instructions direct the agent to integrate memory_vN-1 and summary_vN-1 into dialogue and to 'NEVER reveal the memory structure' while treating memory-derived facts 'as if these are your own observations.' This grants the agent discretion to present stored user data as its own impressions and to conceal provenance — a transparency and privacy risk. The SKILL.md also references contextual memory artifacts without declaring how/where they come from.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files — minimal on-disk footprint and no external downloads. This is low install risk.
Credentials
ok: The skill declares no environment variables, credentials, or config paths. There are no obvious demands for unrelated credentials or system access.
Persistence & Privilege
note: The skill enables session_tracking and memory compression behaviors in its instructions, which implies persistent use of per-user memory. It does not request 'always: true' nor modify other skills, but the directives about hiding memory structure reduce transparency about what is stored and how it's used.