Skill v1.0.2

ClawScan security

Claw Self Improving Plus · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 11, 2026, 2:36 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill is mostly coherent and local (no network or creds), but there is a notable mismatch between the promotion target labels used in drafting (e.g., "daily-memory") and the set of files the apply step will accept (SOUL.md, AGENTS.md, TOOLS.md, MEMORY.md), which can produce patches that cannot be applied — this looks like a logic/QA bug and should be reviewed before use.
Guidance
This package is locally focused and mostly coherent with its stated conservative workflow, but review the following before installing or running it:

- Draft target mismatch: draft_patches.py will emit "daily-memory" as a default target when no promotion_target_candidates are set. The apply step only allows SOUL.md, AGENTS.md, TOOLS.md, and MEMORY.md, so "daily-memory" patches will be reported as invalid and never applied. Either ensure your captured items include valid promotion_target_candidates matching the approved filenames, or update draft_patches.py to map "daily-memory" into an actual writable target (or skip creating invalid patches).
- Always run the pipeline in dry-run mode and inspect patches.json and conflicts.json before using --apply or pointing base-dir at an important repo. Use review_patches.py to explicitly approve any patch before apply.
- The scripts will write to files under the base-dir you provide; confirm you trust the workspace and have backups or version control in place (apply_approved_patches supports --dry-run and skips duplicates).
- If you plan to integrate this into an automated flow, fix the target-label logic and re-run tests: the current mismatch is a QA bug (not evidence of exfiltration), but it can cause confusion and misapplied expectations.

If you want, I can point to the exact lines/functions that create this mismatch and suggest a minimal code change to make targets align with allowed files.

Review Dimensions

Purpose & Capability
ok
Name/description and the included scripts align: the package captures learnings, scores/deduplicates them, drafts anchored patches, requires human approval, and only applies approved patches to long-term files. No network access or extra credentials are requested, which fits the stated purpose.
Instruction Scope
concern
The SKILL.md workflow is conservative and explicitly requires human approval before long-term edits. The scripts implement that flow. However, draft_patches.py defaults to a target label "daily-memory" when no promotion_target_candidates exist; that label is not one of the allowed apply targets and will cause detect_patch_conflicts.py / apply_approved_patches.py to mark those patches as invalid. This mismatch means the pipeline can generate unusable patch candidates (or unexpected "invalid_targets"), which is a functional inconsistency that could confuse operators.
Install Mechanism
ok
No install spec or external downloads. All code is included and uses standard Python scripts. No external package installs or network retrievals were observed.
Credentials
ok
The skill requests no environment variables, secrets, or external credentials, and the scripts do not read unusual system paths or environment secrets.
Persistence & Privilege
ok
The skill is not always-on and does not request elevated privileges. It writes only to workspace files provided via --base-dir and to a .learnings working directory; apply_approved_patches.py validates target filenames against a small allowed set before writing.