Skill v0.3.0
ClawScan security
DriveMind · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 12, 2026, 6:53 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: DriveMind is an instruction-only behavior layer that guides an agent to be more persistent and safety-conscious; it contains no code, no installs, and requests no credentials, so its declared requirements match its behavior.
- Guidance: DriveMind is an instruction-only policy/template pack — it does not install code or request secrets, so it's internally coherent. Before enabling it broadly, confirm the host agent's memory or persistence mechanism: the skill recommends persisting 'stable lessons' but doesn't specify where. If you care about privacy or separation of duties, verify (1) where lessons get stored (local ephemeral memory vs persistent user memory vs external service), (2) who/what can read that storage, and (3) whether you want DriveMind active for agents that can act with high privileges (deployments, external messaging). If you want tighter control, allow DriveMind only in contexts where its persistence target and autonomy are acceptable.
Review Dimensions
- Purpose & Capability (ok): The name/description (a steadiness/safety layer for agents) aligns with the SKILL.md: all files are prose, templates, and guidelines. No unrelated binaries, env vars, or install steps are requested.
- Instruction Scope (note): All runtime instructions are policy and templates for agent output, referencing only included reference docs and templates. One minor ambiguity: the SKILL.md says 'Persist stable lessons' but does not specify how or where to persist (agent memory, external store, user files). That is an operational detail the integrator must control; the skill itself does not include code that performs persistence or external I/O.
- Install Mechanism (ok): No install spec and no code files beyond documentation/templates — lowest-risk form (instruction-only). Nothing is downloaded or written by the skill itself.
- Credentials (ok): The skill declares no required environment variables, credentials, or config paths. The instructions do not ask for secrets or other unrelated credentials.
- Persistence & Privilege (note): always:false and normal autonomous invocation are used (expected). The only potential concern is the skill's suggestion to 'persist stable lessons' — since the skill provides no mechanism, check the host agent's memory/persistence settings to confirm where these lessons would be stored and who can read them.
