Skill v1.0.1

ClawScan security

COMMS.md Creator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 22, 2026, 4:32 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This instruction-only skill cleanly guides a conversational interview and generates a COMMS.md document; its requirements and instructions are consistent with that purpose and it doesn't request credentials or install code.
Guidance
This skill appears coherent and low-risk: it only contains instructions and templates for an interview that produces a COMMS.md. Before installing/using, consider privacy and placement: the generated document may include sensitive preferences or personal examples, so be deliberate about where you (or an agent) save or publish it (personal website vs private vault). The skill itself does not request credentials, but if you instruct your agent to save the COMMS.md into a third-party service (Notion, GitHub, etc.), that will involve separate credentials and permissions — verify those flows and consent before allowing the agent to store or publish the document. If you plan to pair this with automations (e.g., comms-md-reader), confirm access controls so the COMMS.md is shared only with intended parties.

Review Dimensions

Purpose & Capability
ok: Name, description, and provided files (template + example + SKILL.md) align with the stated goal of generating a COMMS.md. No unrelated binaries, env vars, or configs are requested.
Instruction Scope
ok: Runtime instructions are a step-by-step interviewing and drafting workflow limited to asking questions, filling a provided template, reviewing with the user, and asking where to save the document. There are no instructions to read arbitrary system files, access credentials, or transmit data to hidden endpoints.
Install Mechanism
ok: No install spec or code files are provided; this is instruction-only, so nothing is written to disk or downloaded by the skill itself.
Credentials
ok: The skill requests no environment variables, credentials, or config paths. The guidance to ask where to save the document mentions external targets (personal website, Notion, Obsidian) but does not itself require or access those services' credentials.
Persistence & Privilege
ok: always is false and the skill has normal user-invocable/autonomous-invocation defaults. The skill does not request persistent agent-level privileges or attempt to modify other skills or system settings.