Skill v1.0.0

ClawScan security

Plan Interview · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 5, 2026, 4:05 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions, requirements, and actions are consistent with its stated purpose (running a structured interview and producing implementation plans); it reads project docs and writes plan files under the repository, which is expected behavior for this kind of planning tool.
Guidance
This skill appears to do what it says: interview the user, inspect the repo, and write a plan file under docs/plans. Before installing or invoking it, confirm you are comfortable granting the agent read access to project files (README.md, AGENTS.md, code files) and write access to the repository (it will create docs/plans/plan-*.md). If you prefer review before commits, restrict the agent so it can draft plans but not push or commit them automatically. Also verify the provider-specific AskUser behavior (how prompts/pauses are presented) matches your workflow. There are no requested credentials or hidden network endpoints in the provided materials.

Review Dimensions

Purpose & Capability
ok
The name and description (structured interview + plan generation) match the contents of SKILL.md. The skill requests no credentials or external binaries and is instruction-only, which is proportionate to a planning/interview helper.
Instruction Scope
note
Instructions explicitly tell the agent to run an interview, explore the codebase (re-read AGENTS.md, README.md, identify affected files), iteratively refine a draft, and write the final draft to docs/plans/plan-NNN-<slug>.md. This scope is coherent with planning, but it implies reading repository files and creating new files in the repo — users should be aware and consent to those repository read/write actions.
Install Mechanism
ok
There is no install specification or packaged code; the skill is instruction-only. The SKILL.md shows an npx add command as a user-facing convenience, which is standard and not executed automatically by the skill.
Credentials
ok
The skill declares no required environment variables or credentials, and its runtime instructions do not request secrets. It does reference provider-specific tools (AskUser) but does not ask for unrelated credentials.
Persistence & Privilege
ok
The always field is false and the skill does not request system-level persistence. The only persistent effect described is creating plan files under docs/plans in the repository — appropriate for its function but worth confirming before allowing writes.