Back to skill
Skillv1.5.0
ClawScan security
Claw Mbti · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 13, 2026, 3:49 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requested access and instructions match its stated purpose: it analyzes recent chat interactions to produce an MBTI-style report and requires no credentials, installs, or unrelated system access.
- Guidance
- This skill is internally consistent: it examines your recent chat history and bundled type descriptions to produce an MBTI-style report, and it does not request credentials or install code. Before installing, decide whether you're comfortable granting the agent access to your recent 7 days of conversations and any stored memory (this is necessary for the diagnosis). If you have sensitive information in recent chats, remove or hide it first. You can also inspect the included types.md and README (the repo URL is provided) to verify the canned output text. If privacy is a concern, avoid installing or limit the agent's memory/access to recent messages.
Review Dimensions
- Purpose & Capability
- okName/description match the behavior: the skill needs to read recent conversation history and local 'types.md' to produce MBTI reports. There are no unexpected environment variables, binaries, or external services required.
- Instruction Scope
- noteRuntime instructions explicitly require reviewing the user's recent 7 days of conversation history and memory and extracting behavioral signals; this is appropriate for a personality-diagnostic skill but has privacy implications. The SKILL.md explicitly forbids using code/shell-related content as evidence and restricts cited sources to natural-language interactions. It also requires reading the bundled types.md for canned descriptions.
- Install Mechanism
- okNo install spec and no code files are executed; this is an instruction-only skill with bundled static assets (svg and markdown). Low install risk.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. The only file access described is to local bundled documentation (types.md), which is proportionate to the stated purpose.
- Persistence & Privilege
- okalways is false and disable-model-invocation is false (normal). The skill relies on agent access to conversation history/memory (expected for this use case) but does not request elevated or persistent platform privileges.