Skill v1.0.0

ClawScan security

Intent Framed Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 5, 2026, 4:05 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's instructions, requirements, and behavior are consistent with its stated purpose (framing coding work and monitoring scope drift); it requests no credentials and has no install spec, though its README suggests optional external tooling that the user should be aware of.
Guidance
This skill is an instruction-only helper for capturing and monitoring coding intent and appears coherent. Before installing or running any suggested setup commands: (1) be cautious about running the example 'npx skills add pskoett/...' — that would download code from external sources; inspect the package/repo first. (2) If you allow the agent to run shell commands, note it may run 'entire status' to detect an optional CLI; if Entire is present, intent records may be written into your repo/checkpoint branch. No credentials are requested by the skill itself. If you need stricter isolation, avoid running the optional npx/install commands or block command execution for the agent.

Review Dimensions

Purpose & Capability
ok: The name/description (intent framing and drift monitoring for coding work) matches the SKILL.md content. The skill only prescribes producing structured intent artifacts and monitoring drift; it does not request unrelated access or credentials.
Instruction Scope
ok: Runtime instructions are narrowly focused on creating intent frames, checking for drift, and resolving intents. The only external command referenced is a harmless detection call to the 'entire' CLI (entire status) to detect optional integration; there are no directives to read unrelated files, exfiltrate data, or access environment variables.
Install Mechanism
note: There is no formal install spec in the registry (instruction-only), which is low risk. The SKILL.md includes optional 'npx skills add pskoett/...' example commands — running those would fetch code from an external source (npm/GitHub) and therefore should be audited by the user before execution. The skill itself does not force any download.
Credentials
ok: No environment variables, credentials, or config paths are required. The optional integration with the Entire CLI is proportional to the described purpose (storing intent records in session transcripts/checkpoints) and is only used if the tool is present.
Persistence & Privilege
ok: The skill is not always-enabled and does not request elevated persistence or modify other skills. It may write intent records via the Entire CLI if that tool is available (which implies writing to a repository/checkpoint branch) — this behavior is documented and conditional on the tool being present.