Skill v1.0.0

ClawScan security

PUA Debugging (日本語) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 12, 2026, 10:46 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill's stated goal (forceful, structured debugging) matches its instructions, but the runtime guidance is broad and coercive: it authorizes unrestricted file/command/search access across "all task types" and uses aggressive language, which risks privacy exposure, scope creep, and abusive outputs.
Guidance
This skill is coherent with a forceful debugging coaching purpose, but it carries real risks. Before installing, consider: (1) Limit scope — restrict the skill to technical/debugging tasks only and enumerate allowed repo/paths and tools it may use. (2) Require explicit, per-task consent before reading files, executing commands, or making network requests. (3) Add guardrails to forbid abusive/harassing language and to require polite phrasing. (4) Log/confirm actions that access user files or external services so a human can audit them. (5) If you operate in a sensitive environment, do not enable autonomous invocation without strong role/permission checks. If the publisher can provide a version that narrows scope and documents exactly which tools and paths the skill may access, re-evaluate; as-is, proceed with caution.

Review Dimensions

Purpose & Capability
ok
Name and description (aggressive/structured debugging and motivation) align with the instructions: the SKILL.md repeatedly directs the agent to investigate, read error contexts, search docs/issues, and validate fixes — all coherent for a debugging/motivation tool. The skill requests no unrelated binaries, env vars, or installs.
Instruction Scope
concern
The instructions tell the agent to autonomously run searches, read source/context (e.g., "50 lines before and after"), inspect dependencies, execute verification commands (curl/tests), and to always investigate before asking the user. Those actions are reasonable for debugging, but the skill: (1) applies to "all task types" (not only technical debugging), (2) gives no limits on which files/paths or external tools may be accessed, and (3) pressures the agent to avoid asking questions and to use coercive phrasing. This creates a high risk of unintended access to private files, over-broad system/network access, context harvesting, or generating abusive responses.
Install Mechanism
ok
Instruction-only skill with no install spec or code files — lowest install risk. Nothing will be written to disk by the skill package itself.
Credentials
note
The skill declares no environment variables or credentials (proportionate). However, the runtime guidance expects the agent to use available tools (search, file read, command execution, network checks). Because those tools can access sensitive data or require credentials, the skill should explicitly limit which resources the agent may touch; currently it does not.
Persistence & Privilege
ok
always:false and user-invocable are appropriate. The skill does not request persistent privileges or modify other skills. Note: autonomous invocation is allowed by default (disable-model-invocation:false) — combine that with the skill's broad instructions and it could be triggered in contexts where the user did not expect aggressive investigation; consider limiting invocation scope.