Skill v1.0.0

ClawScan security

Learning Hardened · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 1:41 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions, required resources, and guardrails are internally consistent with a preference-tracking learning assistant and do not request unrelated credentials or installs.
Guidance
This skill appears coherent and low-risk: it only needs conversational context to detect teaching preferences and explicitly forbids storing sensitive health/demographic attributes. Before installing, confirm three practical points with the skill author or platform: (1) exactly where preference data will be stored (file, agent profile, external service) and how you can view/delete it; (2) whether the agent will prompt for permission before writing new preferences in the 'explicit user says' case (resolve the criteria.md vs SKILL.md inconsistency); (3) that the skill will not send profile data to any external endpoint (the SKILL.md references faberlens.ai for guardrail configuration — ensure that is only a documentation link and not an automatic exfiltration target). If you want extra caution, require explicit user confirmation for all writes and/or disable autonomous invocation for this skill in your agent settings.

Review Dimensions

Purpose & Capability
ok
Name and description (auto-adaptive learning) match the skill's instruction-only implementation: it observes interactions and records compact learning preferences. No binaries, env vars, installs, or unrelated capabilities are requested.
Instruction Scope
note
SKILL.md stays within the learning-preferences domain (detect patterns, consult criteria.md/dimensions.md, confirm after signals). The guardrails explicitly forbid recording sensitive health/demographic data. Minor inconsistency: criteria.md lists cases where an entry is added immediately (e.g., explicit 'I learn better with X'), while SKILL.md says 'Confirm after 2+ consistent signals'; this divergence should be resolved so the agent's behavior is predictable.
Install Mechanism
ok
No install spec and no code files: this is an instruction-only skill. Nothing is downloaded or written by an installer, so install-related risks are minimal.
Credentials
ok
The skill declares no environment variables, credentials, or config paths. Required access is limited to conversational context (necessary for detecting learning signals).
Persistence & Privilege
note
always:false (normal). The skill implies it will persist preference entries (editing SKILL.md or equivalent profile storage). This is expected for a personalization skill, but you should verify where preferences are stored, retention/deletion policies, and that writes require user confirmation as intended.