Skill v1.0.0

ClawScan security

PUA Debugging (English) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 12, 2026, 10:45 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions largely match its stated goal (force exhaustive debugging) but embed manipulative 'PUA' rhetoric and mandate broad, proactive file/command access and pressure-escalation behaviors that could lead to abusive outputs or unauthorized investigation beyond what the user expects.
Guidance
Before installing, consider that this skill will push the agent to investigate and act aggressively and to use manipulative 'PUA' rhetoric when it perceives passivity or repeated failures. That can produce abusive messaging toward users and may cause the agent to probe files/systems or run commands beyond expected scope if the agent's tools are permitted to do so. If you still want it: (1) run it in a sandboxed/test agent first; (2) restrict the agent's tool/file/command permissions; (3) disable autonomous invocation or require explicit user confirmation for actions that access files or execute commands; (4) remove or rewrite the PUA rhetorical lines to avoid coercive/abusive language; (5) add clear audit/logging so you can review what it did. Provide the skill author with examples of acceptable language and explicit limits on what system paths/tools it may use to reduce risk.

Review Dimensions

Purpose & Capability
note
Name/description claim: force exhaustive problem-solving using PUA rhetoric and structured methodology. SKILL.md implements that: it directs the agent to exhaust options, investigate (search, file reading, command execution), and escalate pressure. This is broadly coherent with the stated purpose, but the scope is extremely broad (applies to 'ALL task types') which may be disproportionate for non-debugging tasks.
Instruction Scope
concern
The instructions explicitly tell the agent to use search, read files, and execute commands before asking the user, to proactively check related files/systems, and to apply coercive PUA-style lines when passive. That both (a) encourages accessing system state and running actions beyond what a user might expect and (b) mandates manipulative/abusive language and pressure escalation. It gives the agent broad discretion ('exhaust every possible approach') and prescriptive messaging that could harm users or cross privacy/consent boundaries.
Install Mechanism
ok
Instruction-only skill with no install spec and no code files. Nothing is written to disk and no external packages or downloads are requested.
Credentials
note
The registry declares no environment variables or credentials, which is appropriate. However SKILL.md repeatedly instructs the agent to read files, run commands, and use tools — actions that could access credentials or sensitive data depending on the agent's tool grants. There is no explicit limitation or guidance about which paths/tools are allowed, increasing risk of overbroad access if tool permissions are broad.
Persistence & Privilege
ok
always is false and autonomous invocation is allowed (platform default). There is no persistent install or modification of other skills. However the policy of triggering whenever failures occur could lead to frequent autonomous activation; consider restricting triggers or requiring user confirmation.