Skillv0.1.0

ClawScan security

Using Superpowers Tianjin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

ReviewMar 16, 2026, 6:58 AM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill's stated purpose matches its instructions, but its mandatory, global rule to always invoke and follow other skills before any response creates a meaningful safety risk (prompt-injection chaining, unnecessary expansion of attack surface, and denial-of-service-like behavior).
Guidance: This skill is coherent with its stated goal, but it's risky: it forces the agent to check and then follow other skills before any reply, including clarifying questions. That makes the agent more likely to execute or follow malicious skills (prompt-injection), to chain many skills unnecessarily, and to behave in confusing or unusable ways. Before installing: consider whether you truly want this global mandate; prefer restricting it to explicit situations or require user confirmation before invoking other skills; ensure the platform enforces sandboxing and consent for skill actions, and audit the set of installed skills (especially those that hold credentials). If you rely on this skill, monitor agent activity and limit autonomous invocation of high-privilege skills. If you can, obtain information about the skill's author/trust signals or platform-level mitigations; that information would reduce the concern.

Purpose & Capability: okName/description (enforce using skills before responding) aligns with the SKILL.md content: the file explicitly requires checking/invoking skills before any response. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope: concernThe instructions mandate invoking any possibly-relevant skill (even for clarifying questions) and to 'follow [invoked] skill exactly'. This increases risk of malicious or buggy downstream skills being followed blindly (prompt-injection/exfiltration risk), can cause excessive skill-chaining, and prevents the agent from asking initial clarifying questions before checking skills.
Install Mechanism: okInstruction-only skill with no install spec and no code files, so nothing is written to disk and no third-party packages are pulled in.
Credentials: okThe skill requests no environment variables, credentials, or config paths. It does not itself ask for secrets or external tokens.
Persistence & Privilege: noteThe skill is user-invocable and not marked 'always:true'. However, its behavioral mandate (always check skills first) can materially increase the platform's autonomous surface area when combined with other skills that do have credentials or broad access. This combination raises the effective privilege/risk even though the skill itself requests none.