Skill v0.7.2

ClawScan security

HITL Protocol — Workflows and Human Decisions for Autonomous Agents · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 2, 2026, 11:14 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill is an instruction-only HITL protocol guide whose requirements, instructions, and scope are internally consistent with its stated purpose.
Guidance
This skill is a protocol specification and implementation guide — it appears coherent and appropriate for agents and services implementing human-in-the-loop flows. Before using it in production, ensure your agent: (1) does not log or store sensitive form fields, (2) only forwards review URLs over HTTPS and to the intended human/recipient, (3) protects any webhook callback endpoints and stores webhook HMAC secrets securely if you expose one, and (4) respects rate limits when polling. If you plan to allow autonomous agent invocation with network access, review which services the agent will contact and ensure you trust them, because the agent will forward review URLs and may poll or accept callbacks on their behalf.

Review Dimensions

Purpose & Capability
ok: Name and description (HITL protocol for agents and services) match the SKILL.md content. The skill requests no binaries, env vars, or installs and only provides guidance for handling HTTP 202 review flows, polling, SSE, webhooks, and inline messaging, all coherent with its purpose.
Instruction Scope
note: SKILL.md contains detailed runtime instructions (detect 202, forward review_url, poll or use SSE, verify webhook signatures). These are within HITL scope. A few places require implementer judgement (e.g., what auth headers to use when polling, exposing a callback endpoint), which could lead to insecure implementations if the agent developer is careless. The guide explicitly warns not to log sensitive fields and to require HTTPS for review URLs.
Install Mechanism
ok: No install spec, no code files to write or execute. Instruction-only skills are low-risk from an install mechanism perspective.
Credentials
ok: The skill declares no required environment variables or credentials. It shows example patterns (HMAC secret for webhook verification, auth headers for polling) that are proportional and expected for webhook or authenticated poll flows; these are presented as implementation details rather than required skill-level secrets.
Persistence & Privilege
ok: Skill is not marked always:true and does not request persistent system presence or modify other skills. It is instruction-only and thus does not demand elevated platform privileges.