Skill v1.1.0
ClawScan security
📜 对话日志检索 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 5:43 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and instructions match its stated purpose (searching local session JSONL logs with jq and rg); it reads sensitive local conversation files but does not request unrelated credentials or install remote code.
- Guidance: This skill is internally coherent: it gives shell snippets to extract and search your local session JSONL logs using jq and rg. Before enabling it, consider: (1) these files contain your full conversation history and may include secrets or private data — only enable the skill if you trust the agent and owner; (2) the SKILL.md expects the agentId from the runtime system prompt — confirm the agent will use the intended agentId and path (~/.clawdbot/...); (3) the package has no install step, but granting the agent permission to read those files effectively gives it access to all historical chats — if you prefer, run the provided commands locally yourself instead of letting the agent access them; (4) note a minor metadata mismatch: _meta.json lists a different ownerId than the registry metadata included with the submission — you may want to verify the author/owner before installing.
Review Dimensions
- Purpose & Capability (ok): The name and description say 'search/analyze session logs' and the skill only requires jq and rg and points at ~/.clawdbot/agents/<agentId>/sessions/*.jsonl — these binaries and file paths are exactly what a log-search helper would need.
- Instruction Scope (note): SKILL.md explicitly instructs the agent to read the user's conversation JSONL files (full transcripts, costs, tool calls). That is coherent with the purpose but important: those files contain potentially very sensitive conversation history and metadata. The instructions do not call out any external endpoints or require unrelated files, but they assume the agent can determine agent=<id> from the system prompt runtime line.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files — nothing is downloaded or written to disk by the skill itself, which is the lowest-risk install model.
- Credentials (ok): The skill declares no environment variables or credentials. It only reads files under the user's home (~/.clawdbot/...). The requested access is proportional to the stated function, though the files it reads are highly sensitive.
- Persistence & Privilege (ok): The skill is not always-enabled and does not request elevated platform privileges or modify other skills or global config. Autonomous invocation is allowed (platform default) but not combined with other concerning flags.
