Skillv0.1.0

ClawScan security

Chat Refiner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 1, 2026, 11:58 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill's stated purpose (refining chat history) matches its instructions, but its explicit guidance to keep/store configuration details including API keys and other secrets is disproportionate and risky.
Guidance: This skill will read chat transcripts and write persistent memory/summary files — but its included principles explicitly tell the agent to keep and persist 'Configs (API keys, models)' and other potentially sensitive data. Before installing or using it, consider: (1) Do not run it on transcripts that contain secrets (API keys, tokens, passwords) unless you trust and have reviewed the output destination. (2) Edit the SKILL.md or principles to explicitly redact or exclude secrets (e.g., remove the 'Configs (API keys, models)' line and add a redaction step). (3) Require user confirmation before writing memory files or make it user-invocable only (avoid autonomous invocation on sensitive corpora). (4) After use, inspect the created memory files and delete any secrets you find. (5) If you need automated redaction, add explicit redaction rules to the workflow (detect common key patterns and remove them). These mitigations reduce the risk of accidental secret persistence; without them, the skill's behavior is suspicious and potentially dangerous.

Review Dimensions

Purpose & Capability: concernName/description (refine chat history and produce MEMORY.md) matches the SKILL.md workflow and tools (sessions_history, memory_search/get, write/edit). However the included principles explicitly instruct the agent to 'Keep: Configs (API keys, models)', which is not something a typical 'chat refiner' legitimately needs to persist and is unexpected for a history-summary tool.
Instruction Scope: concernThe SKILL.md tells the agent to read sessions_history, memory/*.md and chat transcripts and then write persistent summary files (memory/YYYY-MM-DD-summary.md or MEMORY.md). That is coherent for summarization, but the instructions also direct keeping and persisting sensitive items (API keys, model configs). There is no guidance to redact or protect secrets, and the skill gives the agent broad discretion to delete or retain items, which could lead to inadvertent persistence of secrets or sensitive context.
Install Mechanism: okInstruction-only skill with no install spec, no binaries, and no code files — minimal installation risk.
Credentials: concernThe skill declares no required environment variables or credentials, but the principles explicitly tell the agent to keep 'Configs (API keys, models)'. That is a mismatch: the skill does not request special access but its instructions encourage collecting and persisting secrets that are unrelated to the stated benign purpose and that should not normally be stored in memory files.
Persistence & Privilege: okThe skill is not always-enabled and does not request system-wide persistence or modification of other skills. It writes summaries to memory files (expected behavior), but combined with the instruction to retain secrets this persistent storage becomes sensitive — the privilege level itself (not always) is reasonable.