ClawHub
Back to skill
v0.1.0

Skill Optimizer

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:45 AM.

Analysis

This instruction-only skill coherently audits local skills and waits for user choices before changes, but users should review any proposed edits or deletions because they affect installed skills.

GuidanceInstall only if you are comfortable with a skill that audits your current conversation and visible local skill directories. Before approving any Fix, Merge, or Delete action, verify the exact target paths and consider making a backup.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
Only after the user selects action items should you: - rewrite metadata - sync `agents/openai.yaml` - merge overlapping skills - delete duplicates or obsolete skills

This gives the agent authority to change or remove installed skill files, but the same instruction makes those changes conditional on user-selected action items.

User impactIf the user approves an action without checking the target path, installed skills or future agent behavior could be changed or removed.
RecommendationReview the action queue and exact file paths before approving Fix, Merge, or Delete actions; keep backups for deletions or merges.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityInfoConfidenceHighStatusNote
SKILL.md
Unless the user explicitly provides extra logs or transcript files, use: - the current conversation history - the current workspace's local skill directories - installed skill directories that are directly visible from the environment

The audit relies on conversation context and local skill files as inputs. This is expected for the purpose, but users should understand what local/contextual data is being reviewed.

User impactThe report may summarize or quote portions of the current conversation and local skill metadata/instructions.
RecommendationAvoid running the audit on conversations or local skill directories containing information you do not want included in the report.