Skillv0.1.0

ClawScan security

Brainstorming · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 4, 2026, 4:35 AM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions are broadly consistent with a 'brainstorming' helper, but there are a few internal inconsistencies and surprise behaviors (notably automatic file writes/commits and mixed guidance about which other skills may be invoked) that you should understand before installing.
Guidance: This skill is mostly coherent for a design/brainstorming helper, but review these before installing: - Expect repository reads and writes: the SKILL.md tells the agent to inspect files and recent commits and to write docs/plans/YYYY-MM-DD-<topic>-design.md and commit it. If you do not want an agent making commits automatically, do not grant it repo write/commit permissions or require explicit confirmation before file changes. - Confirm git/tool availability: the skill assumes git and filesystem access but does not declare required binaries. Ensure your agent environment provides the tools you expect and that you understand which credentials (if any) will be used to commit/push. - Clarify allowed follow-on skills: the instructions both restrict follow-on invocation to writing-plans and also suggest using an elements-of-style skill. Ask the author to remove the contradiction or explicitly list permitted helper skills. - Consider limiting autonomy: because the agent may invoke other skills and can modify your repo, restrict autonomous invocation or require user approval steps for writes/commits. If you want to proceed, ask the skill author to: declare expected binaries/permissions (git, write access), remove the ambiguous cross-skill guidance, and change automatic commit behavior to require explicit user confirmation (or create the file but not commit it). These changes would raise confidence to 'high' and likely move the assessment to 'benign.'

Review Dimensions

Purpose & Capability: noteThe name and description match the instructions: the skill is intended to explore intent, propose approaches, and produce a design doc. However, the SKILL.md assumes the agent will read the repository, write files, and make git commits, yet the skill metadata declares no required binaries or tools (e.g., git) or config paths. This is a modest mismatch: reading/writing the project and committing is reasonable for this purpose, but the skill should declare that it expects repository access and git capabilities.
Instruction Scope: concernThe runtime instructions explicitly direct the agent to inspect project files, explore recent commits, write a design file under docs/plans/, and commit it to git. Those actions will read and modify user project data and change version control history — behavior that can be surprising if the user did not expect automatic writes/commits. The instructions also contain a contradictory guidance: a hard gate that allows only invoking writing-plans after brainstorming, but elsewhere suggests using an 'elements-of-style:writing-clearly-and-concisely' skill if available. This mixed guidance is ambiguous and grants the agent discretion to call other skills in practice.
Install Mechanism: okThis is an instruction-only skill with no install spec or code files, so it doesn't download or install third-party code. That is the lowest-risk install mechanism.
Credentials: okThe skill requests no environment variables, credentials, or config paths. The actions it prescribes (reading repository files and committing) are consistent with its purpose and do not require external credentials by default. However, if commits or repository operations in your environment require credentials (e.g., pushing to remote), the skill may trigger credential usage implicitly — the SKILL.md does not discuss or restrict that.
Persistence & Privilege: notealways is false and autonomous invocation is allowed (default). The skill instructs writing files inside the project and committing them to git — this is a modest persistence/privilege requirement (modifying the user's repo). It's not requesting permanent platform-level privileges, but you should be aware it intends to change your repository state and could be invoked autonomously unless you restrict it.