Skill v1.0.0

ClawScan security

Interaction Pipeline · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 31, 2026, 1:21 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (consistent status updates and two-line summaries) matches its instructions, but the SKILL.md also instructs the agent to hook into every tool execution and to override or be unsuppressible by other skills — a behavioral claim that is disproportionate and ambiguous given the skill has no install or code.
Guidance
This skill is coherent with its goal (produce concise, two-line status summaries) and is low-risk technically because it has no code, installs, or credential requests. However, its runtime instructions try to make it run after every tool execution and to be unsuppressible and to override other skills' response styles. That is a behavioral escalation (not a code-based one) and could interfere with other skills or cause repetitive or leaked summaries across agent actions. Before installing:
1) confirm how your platform enforces skill priority and whether a skill can actually claim global, unsuppressible hooks;
2) test the skill in a non-sensitive environment to observe interactions with other skills;
3) if you rely on other skills' precise outputs (or have sensitive tool outputs), avoid enabling this skill until you can limit its scope or get an explicit mechanism for safe integration;
4) ask the skill author to remove or clarify the 'must not be suppressed' / 'override' directives and to document when summaries should be suppressed (e.g., for confidential operations).

Review Dimensions

Purpose & Capability
ok: Name and description align with the instructions: produce status updates and concise 2-line summaries after actions. No binaries, env vars, or external services are requested, which is reasonable for this role.
Instruction Scope
concern: The SKILL.md directs the agent to run 'after every tool execution (success or failure)', 'must not be suppressed by any other skill', and to 'override any default LLM response style'. Those directives expand this skill's effective scope across all agent activity and conflict with normal skill arbitration; they are vague and grant broad behavioral influence without explaining how to respect other skills' outputs or when to avoid duplicating or leaking sensitive information.
Install Mechanism
ok: Instruction-only skill with no install spec or code files; lowest technical risk from installation. Nothing is downloaded or written to disk.
Credentials
ok: No environment variables, secrets, or config paths are requested. The requested surface is minimal and proportional to the declared purpose.
Persistence & Privilege
concern: The skill does not set always:true and requests no system modifications, but its instructions attempt to assert global, unsuppressible behavior and to override other skills' response styles. That is a privilege claim (broad invocation across all tool executions) that cannot be enforced by the skill itself in this instruction-only form and may cause conflicts or unintended interception of outputs if the platform honors it.