Skillv1.0.0

ClawScan security

positive-psychology · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

SuspiciousMar 9, 2026, 3:04 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill is internally coherent for offering empathetic, action-focused support, but it lacks explicit safety procedures for users expressing severe distress or suicidal ideation—this is a notable omission for a mental-health-adjacent companion.
Guidance: This skill appears to do what it says (empathic, action-focused support) and has no code/install risks, but before installing consider: 1) it currently lacks explicit crisis/suicide-response behavior — ask the publisher to add escalation steps (encourage contacting emergency services, provide local crisis hotlines, or instruct to connect to a human professional) for keywords like '活不下去' or '绝望'; 2) if you don't want automatic triggering on sensitive words, restrict it to user-invocable only or add safeguards to avoid accidental activation; 3) confirm privacy and data-handling expectations since this will handle sensitive user statements; and 4) do not rely on this skill for diagnosing or treating severe mental-health conditions — it should be an adjunct, not a replacement, for professional help.

Purpose & Capability: okName, description, and the SKILL.md all describe a mindful/positive-psychology companion; there are no declared credentials, binaries, or install steps that don't belong to this purpose. Everything requested (nothing) is proportionate to the stated aim.
Instruction Scope: concernThe instructions focus on empathy, purpose-exploration, and micro-actions, which fit the purpose. However, the skill lists high-risk trigger keywords (e.g., '活不下去', '绝望') but does not provide an explicit crisis-handling protocol (no guidance to encourage immediate professional help, contact emergency services, or provide local crisis hotlines). For a companion intended to trigger on severe distress, missing escalation/safety steps is a safety concern.
Install Mechanism: okInstruction-only skill with no install spec and no code files — minimal disk/system footprint and low installation risk.
Credentials: okThe skill requires no environment variables, credentials, or config paths. No unrelated secrets are requested.
Persistence & Privilege: okalways is false and the skill is user-invocable. The SKILL.md describes automatic triggering based on keywords, but there is no manifest-level 'always' privilege or unusual system-wide modification requests.