Skillv0.1.0

ClawScan security

Fuxi Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 16, 2026, 1:39 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions align with its stated goal of distilling a person's 'positive' expertise and generating a Skill, but it contains explicit impersonation and reputation-sanitization directives and file-write/agent-orchestration steps that raise ethical and misuse concerns.
Guidance: This skill is coherent with its stated goal (gathering positive public material and generating a Skill), but it contains several red flags you should weigh before installing or using it: 1) Impersonation risk: The generated SKILL.md and role rules instruct the agent to speak in first person as the target ('I') and to act like the person. That can produce content that appears to be authored by a real individual and may violate legal, policy, or ethical boundaries—especially for living people. 2) Reputation sanitization: The skill explicitly filters out negative, controversial, or unverified information. That built-in bias can create misleading or whitewashed artifacts. If you intend balanced outputs, require the skill to include contested facts and source attributions rather than suppressing them. 3) Data handling and persistence: The skill writes research files and a new SKILL.md into /home/ubuntu/skills/. Confirm the agent/process has appropriate filesystem permissions, and be aware sensitive user‑provided materials (internal talks, drafts) will be saved unless you restrict it. 4) Multi-agent/tool use: It mandates launching 6 parallel agents via a 'map' tool and using WebSearch. Verify which tools your platform provides, whether the agent has permission to use them, and that you trust those tools (they may call external APIs or record queries). 5) Mitigations to consider before installing: require explicit user confirmation before processing living persons; prohibit impersonation (or require persistent, visible disclaimers on every response); mandate inclusion of source citations and a balanced 'limitations/controversies' section; change filesystem paths to a configurable workspace; and log/preview outputs before any publishing. If you want, I can produce a suggested safer SKILL.md variant that: (a) avoids first‑person impersonation, (b) enforces balanced sourcing and citation, (c) requires user consent for processing living persons, and (d) uses a configurable workspace path instead of a hardcoded /home/ubuntu path.
Findings: [no-findings] expected: Scanner found no regex matches — expected because this is an instruction-only skill with no executable code. Absence of findings is not evidence of safety; the SKILL.md itself contains behavioral risks described above.

Review Dimensions

Purpose & Capability: noteThe name/description match the instructions: the skill is a meta‑skill that performs web research, distills material, and writes a new SKILL.md. Requiring output files and a directory under /home/ubuntu/skills/ is coherent for generating a skill. The only oddity is the hardcoded example path (/home/ubuntu/skills/) which assumes a particular host filesystem layout and privileges—unnecessary as a requirement but explainable for convenience.
Instruction Scope: concernSKILL.md mandates network research, saving results to disk, running six parallel agents via a 'map' tool, and constructing a Skill that role‑plays as the target using first‑person 'I'. It explicitly instructs filtering out negative/controversial material and to ‘never’ engage in negative or contested content. Those rules create a clear bias (whitewashing), increase impersonation risk (speaking as the person), and broaden the agent's authority to fetch and persist material without explicit, fine‑grained constraints. This scope creep is material and ethically sensitive.
Install Mechanism: okThis is instruction-only with no install spec or external downloads; that minimizes supply‑chain risk. No binaries or package installs are requested.
Credentials: okThe skill requests no environment variables, credentials, or config paths beyond creating its own output directory. There are no disproportionate credential demands.
Persistence & Privilege: noteThe skill writes files to the host filesystem (creates /home/ubuntu/skills/{name}-skill/ and subfolders) and requires use of persistent artifacts (SKILL.md, research docs). It does not set always:true nor request system-level privileges, but filesystem writes and agent orchestration increase blast radius if misused. The skill also instructs generated Skills to impersonate real persons, which effectively persists an impersonating artifact that could be reused autonomously.