Skill v1.0.0
ClawScan security
marine-watch-planner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 24, 2026, 6:31 PM
- Verdict
- suspicious
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's description (marine watch scheduling) matches its behavior, but the runtime instructions reference local scripts and reference files that are not provided — an incoherence that could lead to failures or unintended local file access.
- Guidance
- This skill is an instruction-only planner that generally fits its stated purpose, but its SKILL.md expects several local files and a script that are not bundled or declared. Before installing or enabling the skill: (1) Ask the publisher to provide the referenced files (scripts/build_marine_plan.py and references/*.md) or to remove those references; (2) If those files will be present on your host, inspect their contents to ensure they don't read sensitive paths or exfiltrate data; (3) If you can't review the files, run the skill in a restricted/sandboxed environment or disable autonomous invocation; (4) Expect the skill to fail or to attempt to access local paths if the referenced files are absent. These mismatches are likely an oversight but could also mask broader behavior — proceed only after verification.
Review Dimensions
- Purpose & Capability
- note: Name/description (build/adapt onboard watch schedules) is coherent with the SKILL.md workflow and required inputs; nothing in the manifest asks for unrelated credentials or binaries. However, the instructions explicitly refer to several local resources (scripts/build_marine_plan.py and references/*.md) that are not included in the package or declared in requirements, creating a capability mismatch.
- Instruction Scope
- concern: Runtime instructions tell the agent to 'Use' local files and a script (scripts/build_marine_plan.py, references/watch-models.md, references/safety-anchors.md, references/internet-budgeting.md). Because this is an instruction-only skill with no bundled files, the instructions either will fail or cause the agent to attempt to read those paths on the host. That introduces a risk of unintended local file access and is an unclear/incomplete runtime contract.
- Install Mechanism
- ok: No install spec and no code files are included, so nothing will be written to disk by the skill itself. This is the lowest-risk install model.
- Credentials
- ok: The skill requests no environment variables, no credentials, and no config paths in the registry metadata—proportionate to a planning/assistant skill.
- Persistence & Privilege
- ok: 'always' is false and the skill is user-invocable. Model invocation is allowed by default (normal). The skill does not request persistent system privileges or to modify other skills' configs.
