v1.0.7

SRS Support

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:41 AM.

Analysis

This is a coherent instruction-only SRS support skill, with the main caution that it depends on trusted local SRS documentation and memory files.

Guidance

This skill appears safe to use for SRS support. Before installing, make sure you intend it to read local SRS documentation/source paths, use it in a trusted SRS checkout, and review any suggested build, deployment, or configuration commands before running them on important systems.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Info | Confidence: High | Status: Note
SKILL.md
Available directories: `trunk/`, `cmd/`, `internal/`, `cmake/`, `docs/`, `memory/`

The skill depends on local repository and memory/documentation directories, while the provided manifest only includes SKILL.md and evals. This is not suspicious by itself, but the effective knowledge source is outside the packaged artifacts.

User impact: If the local SRS checkout or knowledge files are stale, missing, or tampered with, the assistant's answers may be inaccurate or influenced by unreviewed local content.

Recommendation: Use the skill in a trusted SRS workspace and keep the referenced docs and memory files current and reviewed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
SKILL.md
Layer 1 — Always load: `memory/srs-overview.md` ... Ground every answer in the knowledge files and docs

The skill intentionally treats local memory and documentation files as authoritative context for answers. This is expected for a support/RAG-style skill, but those files can influence future responses.

User impact: Untrusted or poisoned local documentation could shape the assistant's guidance, especially for operational commands or configuration advice.

Recommendation: Only allow trusted project documentation and memory files in the referenced paths, and review important operational commands before applying them.