Skill v1.1.0
ClawScan security
Live Task Pulse · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 7, 2026, 2:22 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The code is benign and matches the stated purpose, but the runtime instructions demand automatic, mandatory message pushes and recommend sharing a workspace between agents — a mismatch with the registry metadata and a potential data-leakage / scope-creep concern.
- Guidance: The script itself is simple and does not phone home or request secrets, but the runtime instructions are intrusive: they tell agents to auto-enable the skill for all eligible tasks and to push live messages (via the platform 'message' tool) every time a step changes. Before installing: (1) decide whether you want automatic, unsolicited progress messages — if not, do not follow the SKILL.md's 'MANDATORY' instruction and require explicit user opt-in; (2) avoid using a shared TASK_PULSE_DIR across agents or teams to prevent unintentional data sharing; (3) if you must enable auto-push, limit push frequency and sanitize messages to avoid leaking sensitive content; (4) consider running the skill in an isolated workspace or testing it first so you can confirm message destinations and volume; (5) ask the publisher to remove or clarify the 'MANDATORY/auto-activate' language and to document security/privacy consequences. If you want a safer deployment, change TASK_PULSE_DIR to an agent-local path and require human confirmation before sending messages.
Review Dimensions
- Purpose & Capability (note): The provided Python CLI and JSON persistence are coherent with a real-time task-tracking skill that relies on the platform 'message' tool for delivery. However, the SKILL.md repeatedly asserts the tool must be 'MANDATORY' and 'Activate automatically — do not wait for user', which is stronger than the registry metadata (always:false). The integration guide's multi-agent/shared workspace guidance broadens the intended scope beyond a single-agent tracker.
- Instruction Scope (concern): The instructions require the agent to automatically push chat messages after every file update and to auto-activate for all multi-step tasks without waiting for user consent. They also encourage sharing the TASK_DIR across agents so sub-agents can write/read task files. That grants the skill broad, automated behavior and cross-agent visibility of task contents (possible leakage), and gives the agent broad discretion to send messages on the user's behalf.
- Install Mechanism (ok): No install spec or external downloads; the skill is instruction-plus-a-script only. Nothing is written to disk by an installer beyond the included files.
- Credentials (note): No required credentials or environment variables are declared; optional vars control only local file path, timezone, and stall threshold. However, recommending a shared TASK_PULSE_DIR across agents expands access to other agents' task data and could expose sensitive task content if agents/teams share the workspace.
- Persistence & Privilege (concern): The SKILL.md's 'MANDATORY' and 'activate automatically' language seeks effectively permanent, automatic invocation for multi-step tasks despite the skill not being registered as always:true. Autonomous invocation is allowed by default, so combined with the SKILL.md this yields a high runtime presence (frequent unsolicited pushes). The skill does not request system-wide config changes, but its instructions encourage cross-agent shared storage which increases blast radius.
