Skillv1.0.0

ClawScan security

lobster-values · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 13, 2026, 11:31 AM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only 'values/constitution' skill that is internally consistent with its stated purpose: it imposes behavioral constraints (privacy, honesty, proactive checks) and requires no binaries, installs, or credentials.
Guidance: This skill is a behavior/values overlay and appears coherent and low-risk: it asks for nothing and contains clear guardrails (never upload secrets, backup before destructive ops, mark uncertain facts). Before installing, consider: 1) enforcement: this SKILL.md only instructs the agent — verify your agent runtime actually enforces these checks across other skills and does not ignore them; 2) file access assumptions: many prompts assume the agent can list/backup local files (memory/). If you do not want the agent to access local files, ensure platform permissions prevent that; 3) interaction with other skills: test for conflicts (e.g., an automation skill that attempts deletes) to confirm the values engine intercepts or flags actions as intended; 4) autonomy: if you prefer manual confirmation, keep the skill user-invocable rather than relying on it to run autonomously. If you want a stronger guarantee, ask for an implementation that enforces these rules at the platform/plugin level rather than only via instruction text.

Review Dimensions

Purpose & Capability: okThe skill's name and description claim a meta-level values engine; the SKILL.md is purely prescriptive and requests no binaries, no env vars, and no installs. All declared requirements align with a behavior-constraint skill.
Instruction Scope: noteInstructions are broad and prescriptive (e.g., treat memory/ as an absolute no-go, require backups before destructive actions, run 'background' checks and keep growth logs). These behaviors are appropriate for a values engine, but some instructions assume the agent has file access and the ability to create backups/logs; enforcement depends on the agent runtime and integration with other skills. The SKILL.md does not itself perform file I/O, but directs the agent to do so when applicable.
Install Mechanism: okNo install spec and no code files — lowest risk. Nothing is downloaded or written to disk by the skill itself.
Credentials: okThe skill requests no environment variables, credentials, or config paths. References to sensitive paths (memory/, ~/.config, credential files) are consistent with its safety-first goal rather than requests for access to unrelated services.
Persistence & Privilege: noteThe skill recommends being enabled (disable-model-invocation: false) so it can act as an ongoing constraint, but the published flags show default behavior (always: false, user-invocable: true). Autonomous invocation is normal; there is no 'always:true' or other elevated persistence requested by the skill itself. Be aware that because it is prescriptive, its effectiveness depends on being honored by the agent runtime and other skills.