Skill v1.0.0
ClawScan security
spec steering workflow · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 15, 2026, 8:48 PM
- Verdict: Benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is internally coherent: it implements a file-first spec/checkpoint workflow and only reads/writes workspace files and local templates; there are no network calls or secret access requested — but verify how the script resolves the workspace and ensure you trust the location where files will be written.
- Guidance: This skill appears to do what it claims: manage long-running specs via files and a local helper script. Before installing, check these points:
  1. Confirm your agent runtime has Python available (specctl.py is a Python script).
  2. Confirm where the skill will be installed so the script's workspace calculation (script.parents[3]) resolves to the directory you intend — otherwise it may create or modify files outside the expected sandbox.
  3. Because the skill writes and updates files under specs/ and steering/, back up any important workspace data and review created files (meta.json, handoff.md, tasks.md) to ensure state is captured as you expect.
  4. If you need stronger isolation, run the skill in a restricted workspace or verify filesystem permissions.
  Overall the footprint is local and file-scoped with no credential or network access, so risks are limited if you validate the workspace and runtime interpreter.
Review Dimensions
- Purpose & Capability (ok): Name/description match the implementation: templates, rules, and a helper script (scripts/specctl.py) exist to create and manage spec workspaces, checkpoints, handoffs, and archives. No unrelated credentials, binaries, or network access are requested.
- Instruction Scope (note): Runtime instructions direct the agent to read/write files under workspace paths (specs/active, specs/archive, steering/) and to use scripts/specctl.py for operations — this matches the stated purpose. Note: the helper script computes the workspace by walking three parent directories from its own location (script.parents[3]), which is brittle: if the skill is installed in an unexpected path, that calculation could point to a different directory than you expect. Confirm the agent's installation layout and sandbox so files are written only where intended.
- Install Mechanism (ok): No install spec or remote downloads; this is an instruction-plus-local-code skill. No external packages are fetched and nothing is written to disk at install time beyond the skill artifact itself.
- Credentials (note): Skill declares no required environment variables or secrets, and the code shows no network or secret-access behavior. Minor inconsistency: the bundle does not declare a required runtime (python3) even though scripts/specctl.py is a Python script — the platform likely provides an interpreter, but you should verify that the agent environment can execute the script.
- Persistence & Privilege (ok): always:false and no requests to modify other skills or system-wide configs. The agent is allowed to invoke the skill autonomously (normal default) and the skill will create and manage files under the workspace only.
