Skillv1.0.0

ClawScan security

Self-Learn · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 3, 2026, 5:25 PM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: Instruction-only skill that logs agent corrections and self-evaluations to a local file and the platform memory; behavior is coherent with its description but it can accidentally persist sensitive user data if not carefully used.
Guidance: This skill is coherent and low-risk in structure: it writes correction/lesson entries to a workspace file (memory/corrections.md) and uses the platform memory APIs. Before installing: (1) confirm where the platform memory_store (LanceDB) persists data and its retention/ACLs, (2) decide or enforce a policy to prevent accidental logging of secrets or PII (the skill's 'No secrets' rule is not a technical guard), (3) review and periodically purge or restrict access to the corrections.md file, and (4) test the skill in an isolated workspace to verify memory_store behavior. If you need stronger guarantees about not storing sensitive data, add content-filtering or explicit redaction steps before writing to memory.

Review Dimensions

Purpose & Capability: okThe skill's name/description (self-learning from corrections and self-evaluation) matches its instructions: append human-readable entries to memory/corrections.md and call the platform memory_store API. It does not request unrelated credentials, binaries, or system paths.
Instruction Scope: noteInstructions are focused on creating/appending memory/corrections.md, calling memory_store and memory_recall, and returning recent entries. This stays within the stated purpose. Caveat: the SKILL.md relies on the agent to follow a rule ('No secrets — never log credentials...') which is a behavioral constraint, not an enforced technical control; the skill will persist whatever the agent is told to store unless the platform enforces filtering.
Install Mechanism: okNo install spec and no code files — instruction-only. Nothing is downloaded or written by an installer. Lowest-risk mechanism.
Credentials: noteThe skill declares no required env vars or credentials, which is consistent. It calls memory_store / memory_recall (platform functions) and writes a workspace file; ensure the platform memory backend (LanceDB) and workspace are trusted. The absence of declared credentials is normal, but memory_store may use implicit platform credentials — confirm what the memory backend stores/retains.
Persistence & Privilege: okalways:false and user-invocable:true. The skill requests local persistence of logs in the agent workspace and platform memory but does not request elevated or always-on privileges. It does not modify other skills or global agent settings.