Skill v1.0.0
ClawScan security
Knowledge Graph Hardened · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 1:41 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and requirements align with its stated purpose: it is a file-based helper for adding/superseding facts and regenerating summaries in a local knowledge graph; nothing requested is disproportionate or evidently malicious.
- Guidance: This skill appears coherent and implements what it claims, but keep these practical points in mind before installing:
  1. The knowledge graph is stored as plain files under life/areas — do not put sensitive PII there; access control and encryption are your responsibility.
  2. Superseding facts is effectively irreversible in this model; always confirm which ID will be superseded (the SKILL.md guardrail calls this out).
  3. The guardrails in SAFETY.md and SKILL.md are documentation — the script won't enforce them for you; the agent or operator must follow them to avoid accidental PII storage or exfiltration.
  4. Ensure the repository/workspace layout matches the script's expectations (life/areas present at the workspace root) so paths resolve correctly.
  5. Because the files are plaintext, protect the workspace (file permissions, backups) and be aware that an agent or user could still copy or transmit files unless other platform controls block that.
  If you want stronger guarantees, consider adding automated checks or hooks that enforce the guardrails (PII detection, confirmation prompts, or blocking network transfers) rather than relying on documentation alone.
Review Dimensions
- Purpose & Capability (ok): Name/description match the included script and SKILL.md. The Python script implements add/supersede/summarize operations on life/areas/<kind>/<slug>/ and no unrelated binaries, credentials, or config paths are requested.
- Instruction Scope (note): SKILL.md instructs running the bundled kg.py against life/areas/** and includes explicit guardrails (no PII, confirm supersede, no piping to network). The script only reads/writes local files under life/areas and does not access other system state or the network. Note: the guardrails are documented guidance in SKILL.md/SAFETY.md and are not programmatically enforced by the script itself — correct behavior depends on the agent/operator following those rules.
- Install Mechanism (ok): No install spec; the skill is instruction-only with a small stdlib-only Python script included. Nothing is downloaded or executed from external sources.
- Credentials (ok): No environment variables, credentials, or config paths are required. The script does not read sensitive env vars and operates purely on workspace-relative files.
- Persistence & Privilege (ok): always:false and default invocation settings are used. The skill does not modify other skills or global agent config. It only writes entity files under life/areas, which is consistent with its purpose.
