ClawHub
Back to skill
v1.0.0

linux-riscv-contribute

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 6:52 AM.

Analysis

This skill is a clearly described, user-gated Linux contribution workflow, but it can modify local code, create GitHub issues, delegate work to other agents, and prepare patch emails.

GuidanceInstall only if you intend to automate Linux RISC-V contribution work. Before running it, confirm the docs repo, Linux checkout, GitHub issue repository, assigned user, ACP agent IDs, and mailing-list dry-run setting. Use a separate branch or worktree and approve each human gate only after reviewing the generated issue list, plan, diffs, and email draft.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
Run iterative loop until pass or policy limit: 1. Implement approved plan. 2. Build and run configured tests. 3. Parse failures and patch.

The skill authorizes worker agents to change code and run tests in an iterative loop. This is expected for the stated kernel contribution workflow and is bounded by a policy limit and prior plan approval, but it can still materially change a local repository.

User impactThe agent may edit the Linux checkout and run build/test commands after the user approves a plan.
RecommendationUse a clean branch or disposable worktree, confirm the workflow limits, and review diffs before using any generated patches.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
references/workflow-template.yaml
issue:
  repo: zcxGGmu/linux-riscv-docs
  assignee: zcxGGmu

The workflow is configured to create or update GitHub issues in a specific repository and assign them to a specific user. This is visible and scoped, but it will rely on whatever GitHub authority the user or agent has.

User impactIf run with GitHub access, the workflow can post or update issues in the configured repository.
RecommendationBefore approving issue sync, verify that the configured GitHub repo and assignee are intended and that the agent is using the right account.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
Record each iteration in `state/run_history/*.json`.

The skill deliberately stores run history, issue mappings, plans, patches, and logs as persistent workflow artifacts. This is useful for auditability, but later runs may rely on this stored state.

User impactProject details, generated plans, test results, and workflow state may remain on disk and shape future automation.
RecommendationKeep the workflow directory in a trusted repository, review state files before reuse, and avoid storing sensitive unrelated information in these artifacts.
Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
SKILL.md
Spawn ACP session explicitly:
- `runtime: "acp"`
- `agentId: "claude-code"`

The workflow delegates planning and implementation work to named ACP worker agents, including Claude Code and Codex. This is central to the skill's purpose, but it means repository context and generated artifacts may be shared across agent sessions.

User impactOther configured agents may receive source context, plans, logs, or patch details while performing the workflow.
RecommendationUse only trusted ACP agents, confirm the configured agent IDs, and avoid running the skill on repositories containing unrelated secrets.