v1.0.2

Gsd Claw

Benign: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:27 AM.

Analysis

GSD Claw is a coherent instruction-only project workflow skill, with the main caution that it can guide the agent to edit project files, run verification commands, use sub-agents, and persist project planning notes.

Guidance: Install this if you want a structured project-planning and execution workflow. Before letting it execute, review the generated .gsd plans, affected files, and verification commands; avoid storing secrets in .gsd files; and request manual approval before commits or broad changes if needed.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low; Confidence: High; Status: Note
SKILL.md
Task Types: - `type="auto"` — Agent executes autonomously ... After each task: ... Commit changes (if applicable)

The skill explicitly allows autonomous execution and commits during a development plan. This is expected for a spec-driven build workflow, but it gives the agent meaningful project-mutation authority.

User impact: The agent may make and commit code changes as part of an approved plan.
Recommendation: Review generated plans and verification commands before execution, and ask the agent to pause before commits or broad changes if you want tighter control.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low; Confidence: High; Status: Note
SKILL.md
**Plans ARE prompts** — Executable instructions, not documents to interpret ... Document decisions in `{project}/.gsd/CONTEXT.md`

The workflow stores project decisions and plans as persistent prompt-like files that the agent later treats as instructions. This is central to the skill, but users should keep those files accurate and free of secrets or untrusted edits.

User impact: Project notes and plans can influence future agent behavior in the same project.
Recommendation: Keep .gsd files inside the intended project, review them before reuse, and avoid storing credentials or sensitive private information in them.

Insecure Inter-Agent Communication
Severity: Low; Confidence: High; Status: Note
SKILL.md
For multi-task execution, spawn sub-agents: - Each sub-agent gets fresh 200k context

The skill may delegate work to sub-agents with project context. This is purpose-aligned, but it means task details may be shared across agent contexts.

User impact: Sub-agents may receive project information and perform parts of the workflow.
Recommendation: Use this workflow only with project data you are comfortable sharing with the agent system, and ask for single-agent execution if delegation is not desired.