Back to skill
Skillv0.1.0
ClawScan security
Structured Multi-Agent Deliberation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 29, 2026, 1:03 PM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and required artifacts are coherent with its stated purpose (structured multi-agent deliberation), but you should review the included scripts before running them because the package comes from an unknown source.
- Guidance
- This skill appears internally consistent with its purpose, but it originates from an unknown source and includes three Python scripts. Before installing or running: (1) inspect the scripts (claims-validator.py, round-controller.py, stopping-detector.py) for network calls, subprocess execution, or file-system access beyond the state/ and artifacts/ directories; (2) run them in a sandboxed environment or container if you plan to execute them; (3) prefer installing from a verified repository (ask the publisher for a canonical Git URL) rather than an unverified clone command; (4) confirm no secrets or API keys are necessary and the validator enforces the stated evidence_refs ≥2 rule; (5) if you will use this in production, consider a code review and adding automated tests to the scripts to ensure they do only the expected local validation and file writes.
Review Dimensions
- Purpose & Capability
- okName/description match the actual contents: SKILL.md defines a deliberation framework, templates and references describe role schemas, and three small helper scripts (claims-validator.py, round-controller.py, stopping-detector.py) are present and expected for implementing the described JSONL audit trail and stopping checks. No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope
- okRuntime instructions focus on producing artifacts (artifacts/, state/*.jsonl) and running the multi-agent rounds with cross-validation and stopping criteria. SKILL.md does not instruct the agent to read unrelated system files or exfiltrate secrets; it only prescribes writing/validating local JSONL state and templates. The README suggests optional installation from a Git repo (generic).
- Install Mechanism
- okThere is no install spec included (instruction-only at registry level). The README mentions cloning from GitHub, which is a normal distribution method. No downloaded archives, package registry installs, or obscure URLs are present in the provided metadata.
- Credentials
- okThe skill declares no required environment variables, no primary credential, and no special config paths. This is proportionate to an orchestration/validation framework that primarily writes/reads local artifact files.
- Persistence & Privilege
- okSkill flags: always=false, user-invocable=true, disable-model-invocation=false — standard for optional, autonomous-invokable skills. The skill does not request persistent system-wide privileges nor claim to modify other skills' configs.