Skill Forge
Advisory
Audited by static analysis on May 9, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Approving an install or uninstall could change what the agent is able or instructed to do in future sessions.
The skill can install or uninstall skills, which can change the agent runtime, but the documented workflow requires signed approval for applying mutations.
`forge` | Detect, scaffold, validate, evaluate, and optionally request install approval | install only with signed approval ... `uninstall` ... apply requires signed approval
Use plan-only mode first, inspect generated skill folders and install plans, and approve only changes you understand.
If Telegram approval is enabled, the agent or local process may need access to Telegram bot credentials and a chat ID.
Telegram approval uses bot/chat configuration values, which are sensitive integration credentials even though the registry metadata lists no required environment variables.
parser.add_argument("--telegram-bot-token-env", default="TELEGRAM_BOT_TOKEN") ... parser.add_argument("--telegram-chat-id-env", default="TELEGRAM_CHAT_ID")
Keep Telegram tokens out of logs and prompts, use least-privilege bot credentials, and verify approval requests before responding.
Private task details or poisoned feedback could be reused when proposing future skill changes.
Persistent feedback can influence future skill updates. The design uses reviewed candidates rather than direct mutation, but stored feedback can still carry sensitive or misleading content.
After installation, usage feedback is recorded as append-only JSONL. Feedback can produce a new update candidate, but installed skills are not edited in place.
Avoid putting secrets in feedback, review redacted feedback/replay files before approving evolved skills, and do not approve updates based on untrusted feedback.
If scheduled, it may keep reviewing installed skills outside the immediate interactive task.
The skill includes optional scheduled/background review behavior, but the documentation limits it to scanning/reporting unless configured otherwise.
During sleep hours, a scheduled job can scan installed skills and produce a health report ... It must not install updates unless explicitly configured with an approval mode.
Enable nightly review only intentionally, understand its scope, and keep mutation approval modes disabled unless needed.
