Skill v1.0.0
ClawScan security
Autonomous Organization · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 14, 2026, 9:15 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (orchestrating autonomous agents) broadly matches its instructions, but the runtime instructions are vague, reference an undefined CLI (sessions_spawn) and file writes (MEMORY.md), and would allow the agent to spawn/drive other agents without clear safeguards — these mismatches and the unknown source warrant caution.
- Guidance: This skill describes an agent-orchestration framework but is missing important details and comes from an unknown source. Before installing: (1) confirm where 'sessions_spawn' (or the orchestrator) comes from and whether your platform exposes it; (2) understand what permissions the agent would need to read/write MEMORY.md and to spawn subagents — restrict those permissions or run in a sandbox first; (3) require manual approval / rate limits for any spawned sub-agents to avoid runaway behavior; (4) prefer a skill with documented source, homepage, or implementation so you can audit what will actually run. If you can't verify the orchestrator and safeguards, treat this skill as risky and avoid installing it in production environments.
Review Dimensions
- Purpose & Capability (note): The name/description and SKILL.md both describe an orchestration framework for autonomous agents, so purpose and capability broadly align. However, the instructions reference an executable 'sessions_spawn' and an 'orchestrator' with no declared dependencies, binaries, or documentation link — this omission is an incoherence (the skill expects runtime primitives that are not declared or provided).
- Instruction Scope (concern): Instructions tell the agent to review and update MEMORY.md, check system health/resource usage, and to spawn sub-agents using 'sessions_spawn --task ... --runtime subagent'. These are broad, ambiguous directives that give the agent discretion to read/write files and create autonomous subagents. There are no concrete limits, safeguards, or explicit target endpoints, so the agent could perform unexpected file I/O or spawn many agents.
- Install Mechanism (ok): This is an instruction-only skill with no install spec or downloadable artifacts, which reduces installation risk. No archived or remote installs are requested.
- Credentials (note): The skill declares no required environment variables or credentials (appropriate for a scheduling/orchestration description). However, it instructs editing MEMORY.md and checking system health — actions that imply file-system access and potentially privileged monitoring APIs; the SKILL.md does not declare or constrain these accesses.
- Persistence & Privilege (concern): The skill does not request 'always: true', but the platform default allows autonomous model invocation. Combined with instructions that explicitly spawn sub-agents, this creates a higher blast radius: the skill could autonomously create and drive other agents if the host platform exposes 'sessions_spawn' or similar. There are no written safeguards or approval steps in the instructions.
