Skillv2.0.2

ClawScan security

Agent Toolkit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 18, 2026, 10:34 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill does what it claims — a local, file-backed toolkit for logging and benchmarking agent activity — but it persistently writes whatever you provide (including secrets) to plain-text files in your home directory, so handle inputs and the data directory with care.
Guidance: This tool is coherent and appears safe to install, but be careful: it saves whatever you type to plain-text files (~/.local/share/agent-toolkit/*.log and export.*). Avoid pasting API keys, passwords, or other secrets into entries. If you need to record sensitive info, use placeholders or store it encrypted elsewhere. Consider: (1) set DATA_DIR to a secure location or change permissions (chmod 700) on the data directory, (2) do not use agent-toolkit to store raw credentials, (3) periodically review and securely delete or rotate any secrets that may have been logged, and (4) be aware exported files (export.json/csv/txt) may include sensitive entries and are written to disk.

Purpose & Capability: okName/description match the delivered behavior: an instruction-only skill plus a bash CLI that logs, searches, exports, and reports on agent-related entries. Nothing in the files requires unrelated cloud credentials or unusual system access.
Instruction Scope: noteSKILL.md and the script stay within the declared scope (logging, searching, exporting). However examples explicitly show writing things like 'OpenAI API key rotated' to the logs; the tool will persist any user-provided input verbatim, which means secrets or credentials can be accidentally recorded and later exported or searched.
Install Mechanism: okNo install spec or external downloads; the skill is instruction-only with a bundled bash script. No network fetch or archive extraction occurs during installation.
Credentials: noteThe skill requests no environment variables or credentials. It does implicitly rely on $HOME to set DATA_DIR and standard Unix utilities. Because it stores arbitrary text, the lack of required creds is appropriate, but the examples encourage recording API keys in plaintext — a security/privacy risk but not inconsistent with purpose.
Persistence & Privilege: noteThe script creates and persists files under ~/.local/share/agent-toolkit and appends to history.log and per-command logs (expected). It does not request elevated privileges or modify other skills, but this persistent storage means sensitive data may linger until you remove it.