Skill v1.0.0

ClawScan security

Skill usage tracker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 27, 2026, 4:22 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (auditing skill use and enforcing rules) is plausible, but its runtime instructions reference a missing rules file, are vague about what is logged and where reports are stored, and could persist sensitive conversation data without clear protections.
Guidance
Before installing, ask the skill author (or the registry) for: (1) the SKILL_USAGE_RULES.md file or where rules will come from; (2) exact logging behavior — what fields of replies are recorded, sample log lines, and whether sensitive content is redacted; (3) where daily reports are stored or sent, who can access them, and retention/rotation/encryption policies; (4) an option to disable automatic per-reply auditing or require explicit user consent; and (5) an explicit config path for logs/rules (don’t assume defaults). If you can’t get clear answers, avoid installing, or enable it in a restricted test environment only.

Review Dimensions

Purpose & Capability
note: The name and description match the instructions: it audits replies, enforces rules, logs violations, and produces reports. However, the instructions require reading SKILL_USAGE_RULES.md even though that file is not present in the package or declared as a required config path — this is a missing dependency and reduces coherence.
Instruction Scope
concern: SKILL.md tells the agent to check every reply, read SKILL_USAGE_RULES.md, write violations to skill_violations.log, and generate daily reports. It does not specify what parts of replies are logged, how rules are sourced if SKILL_USAGE_RULES.md is absent, or whether logs/reports are stored, rotated, or transmitted. Automatic checking of all replies could cause broad access to potentially sensitive user content; the instructions are too vague about scope and data handling.
Install Mechanism
ok: Instruction-only skill with no install steps or external downloads — low risk from installation. No code files were included for static analysis.
Credentials
ok: The skill requests no environment variables, credentials, or config paths. That is proportionate for a local usage-tracker, but the skill still implies access to the agent's reply stream and the ability to write logs — both of which should be explicitly documented.
Persistence & Privilege
concern: The instructions create persistent artifacts (skill_violations.log and daily reports) and state the checks run automatically after each reply. There is no guidance on log contents, retention, encryption, or access controls. Persistent logging of conversation content raises privacy and data-leakage risks if sensitive data are recorded or reports are exported.