Skillv1.0.2

ClawScan security

Rotating Single Target Cron · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 15, 2026, 2:56 PM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's instructions, requested resources, and behavior are consistent with its stated purpose of managing a rotating single-target cron job and do not request unrelated credentials or installs.
Guidance: This skill appears coherent and narrowly scoped, but before installing consider: 1) the cron job will post messages into chats — confirm you want automated mentions and pick an appropriate chat/roster to avoid harassment or privacy issues; 2) the state file is stored under workspace/memory and will contain the last-picked @ID in plain text; if that workspace is shared, be aware of visibility; 3) test only when you explicitly request a live run (the skill recommends this), and prefer testing in a private chat to avoid accidental notifications; 4) confirm you, or the agent user, will manage or remove the cron job when it is no longer needed. If you need the skill to integrate with external services or to store state outside the workspace, request explicit details from the skill author before granting those accesses.

Purpose & Capability: okName and description match the SKILL.md. The skill only needs workspace state files and cron payloads to implement single-target rotation; it does not request unrelated binaries, env vars, or external services.
Instruction Scope: okRuntime instructions are narrowly scoped: read/write a single workspace state file under memory/, build a strict cron payload, and post one message to chat. The SKILL.md explicitly limits live testing and output shape and does not direct reading of unrelated system files or exfiltration to external endpoints.
Install Mechanism: okInstruction-only skill with no install spec and no code files; nothing is written to disk by an installer beyond the state file the skill itself describes. This is the lowest-risk install posture.
Credentials: okNo environment variables, credentials, or config paths are requested. The only persisted artifact is a simple workspace-relative state file (memory/<job-slug>-last-target.txt), which is proportionate to the function.
Persistence & Privilege: okalways is false and autonomous invocation is allowed (the platform default). The skill does not request permanent elevated privileges, nor does it modify other skills or system-wide configuration.