Skill v1.0.0

ClawScan security

Arena System · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 23, 2026, 11:56 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files and runtime instructions are consistent with an on-disk adversarial self-review loop; it does not ask for credentials, make network calls, or install external code.
Guidance
This skill appears coherent and limited to a local on-disk debate loop. Before installing: (1) inspect and, if needed, edit the prompts so they don't contain or ask for secrets; (2) run setup.sh with a directory you control (e.g., ./setup.sh ~/safe/path) rather than accepting defaults; (3) be aware outputs/state files may contain sensitive or proprietary text you feed into the loop — store them appropriately; (4) note the minor path/documentation inconsistencies (examples use ~/my-arena vs. heartbeat snippet's ~/clawd/arena) and correct them to match your setup; (5) if you want upstream provenance, verify the GitHub repository URL in package.json before trusting published claims.

Review Dimensions

Purpose & Capability
ok: Name/description (Agent vs Anti-Agent debate loop) match the SKILL.md and the included files. The setup script and prompts create the state, prompts, and outputs the skill needs; there are no unrelated credentials, binaries, or external services requested.
Instruction Scope
note: SKILL.md instructs the agent to read/write local state.json and outputs and to alternate persona prompts — this is exactly the advertised behavior. Note: the loop stores whatever you feed it (reports may contain sensitive data), and the heartbeat snippet hardcodes a '~/clawd/arena/state.json' path which is a minor inconsistency with examples that use custom directories (e.g., ~/my-arena).
Install Mechanism
ok: No install spec; the only executable provided is setup.sh which creates local folders and prompt files. No downloads, no external package installs, and nothing is written outside the user-specified directory.
Credentials
ok: No environment variables, secrets, or external credentials are requested or referenced. The skill's file I/O (state.json, prompts, outputs) is proportionate to its purpose.
Persistence & Privilege
ok: always is false and the skill does not request elevated or persistent platform privileges. It only writes files under the chosen directory and does not modify other skills or global agent configuration.