Skill v1.0.0
ClawScan security
Karpathy Research System (卡帕西研究系统) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 12, 2026, 6:40 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and requirements are mostly consistent with a research/education assistant; nothing indicates intentional misdirection or hidden exfiltration, but there are minor inconsistencies (a hard-coded Windows workspace path and implicit external-network actions) you should review before enabling automated operation.
- Guidance: This skill appears to be what it says: a daily research assistant for Andrej Karpathy's public work. Before enabling it, consider: 1) If you plan to let it run automatically, confirm whether it will access external services (GitHub, YouTube, X, Discord) and whether you need to provide API tokens — the skill does not declare any credentials. 2) The included Python file contains a hard-coded Windows path (C:/Users/USER/...), which may not exist and could cause unexpected behavior if the skill writes files; review and adjust that path to a safe workspace you control. 3) Decide whether you want the agent to publish or back up generated 'skills' automatically; if so, verify what destination and credentials will be used. 4) As a precaution, run the code in a sandbox or with agent autonomy disabled until you confirm its network/file actions meet your policy.
Review Dimensions
- Purpose & Capability (note): Name/description describe daily research of Karpathy projects and transforming insights into teaching/skills. Declared requirements are minimal (no env vars, no binaries) which aligns with a lightweight research skill. Minor oddity: the bundled Python file hard-codes WORKSPACE = Path("C:/Users/USER/.qclaw/workspace/evolution"), a user-specific Windows path that is unnecessary for a generic research skill and may not exist on target systems.
- Instruction Scope (note): SKILL.md instructs the agent to check public sources (GitHub commits, YouTube, X/Twitter, Discord), run three analyses, create/backup skill artifacts. Those actions are within the stated purpose. However the instructions implicitly require network access and possibly API tokens for automated checks (especially Discord/X/GitHub) even though no creds are declared; the backup step references a local 'NEW SKILL/karpathy-research/' path but gives no details about where/how backups are stored.
- Install Mechanism (ok): No install spec (instruction-only) and only a small Python file. No downloads or external install actions detected—this is low-risk from an install standpoint.
- Credentials (note): The skill declares no required environment variables or credentials, which is consistent with an informational research skill. However, SKILL.md's suggested automation (polling GitHub/YouTube/X/Discord) could require API keys or tokens in practice; those are not declared, so if the agent attempts to automate those checks it may prompt for or require credentials later.
- Persistence & Privilege (ok): 'always' is false and the skill does not request system-wide changes or modify other skills. The code contains a local workspace path but does not modify other skill configs. Autonomous invocation is allowed by default (normal).
