Skill v1.0.0

ClawScan security

Influence And Negotiation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 29, 2026, 2:24 PM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini

Summary
The skill's capabilities (negotiation coaching + persistent memory) line up with its description, but its runtime instructions ask the agent to auto-apply in many contexts and to create persistent negotiation files without explicit user consent — a privacy/persistence risk you should review before installing.
Guidance
This skill appears to do what it says (negotiation coaching) but contains two practical risks you should consider: (1) automatic, proactive activation: it instructs the agent to apply itself 'without being asked' in many conversations — if you prefer explicit consent before the skill runs, disable auto-load or require a trigger phrase; (2) persistent memory: it will create and update markdown-based negotiation records (negotiation-{slug}/) and suggests creating platform artifacts (Obsidian, Claude Projects) without asking the user each time. Before installing, verify the agent's workspace permissions and where files will be stored (local vs cloud), require prompts/consent before any writes, and confirm retention/encryption policies. Test the skill in a sandbox account or with non-sensitive data first, and consider editing SKILL.md to (a) remove or soften 'apply automatically' directives, (b) require explicit user consent before creating persistent memory, and (c) add constraints about where and how memory is stored (e.g., local only, encrypted, retention TTL). If you integrate this into workflows that handle PII, HR, or clinical data, consult your organisation's data-handling policy before enabling the skill.

Review Dimensions

Purpose & Capability
Rating: note
The skill is an instruction-only negotiation toolkit and does not request unrelated credentials or binaries, which matches its stated purpose. It explicitly expects the agent to read reference files and to persist negotiation memory (flat markdown files) in the workspace or platform artifacts, so Read/Edit/Write capabilities are reasonable. Note: the skill's scope spans many domains (sales, clinical, HR), so its use of persistent memory is broad by design.
Instruction Scope
Rating: concern
SKILL.md directs the agent to 'apply automatically — without being asked' in real time for many conversational patterns, to 'take initiative' and create/update persistent negotiation memory files, and to prefer proactive actions (create memory at the first substantive session, update after any significant event). Those instructions permit the agent to capture, store, and reuse potentially sensitive or private content (salary data, clinical consultation details, negotiation tactics, third-party personal data) without an explicit user opt-in each time. It also instructs platform-specific persistence (Claude Artifacts, Obsidian MCP), which could result in data being stored outside the user's local environment.
Install Mechanism
Rating: ok
No install spec or code is included; this is instruction-only, so nothing is written to disk by an installer. That lowers code-execution risk. The skill relies on agent tooling (Read/Edit/Write/WebFetch) but does not pull external code/assets itself.
Credentials
Rating: note
The skill declares no environment variables or credentials, which is proportionate. However, it expects the agent to write/read workspace files and to optionally create cloud artifacts (Obsidian MCP, Claude Projects). If the agent/tooling bridges to external services (WebFetch or platform artifact APIs), sensitive negotiation data could be sent off-host. The skill does not specify consent, retention, or encryption policies for stored memory.
Persistence & Privilege
Rating: concern
Although the skill sets 'always: false' and does not request force-inclusion, its instructions explicitly require the agent to create and maintain persistent negotiation memory and to auto-load that memory across sessions. That gives the skill a long-lived presence in the agent's workspace and the ability to accumulate sensitive context (stakeholders, BATNA, offers). The skill does not require explicit user confirmation before creating or updating that persistent memory.