Skill v2.1.1
ClawScan security
Agent Memory Loop · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 20, 2026, 12:35 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files, runtime instructions, and required tools are consistent with a lightweight local learning loop; nothing requests unrelated credentials or downloads arbitrary code.
- Guidance: This skill appears coherent and local-only: it sets up a .learnings folder, provides grep/date-based review tooling, and explicitly avoids auto-writing instruction files. Before installing: (1) inspect scripts (they are short and local) and run them in a safe workspace (not system root) to avoid accidental file changes; (2) ensure your agent/human reviewers follow the source labeling convention (mislabeling an external finding as source:agent could bypass the intended review protection); (3) run review.sh periodically to surface pending promotions and stale items; and (4) if you rely on date features, test review.sh on your platform (the script tries BSD/GNU date variants). If you need stricter guarantees, add automation that enforces source labels or restricts who can change promotion-queue.md.
Review Dimensions
- Purpose & Capability: ok. Name/description match behavior: the skill provides local one-line learnings, dedup, and a promotion queue. Required binaries (grep, date) and included scripts are appropriate and proportional to the stated purpose.
- Instruction Scope: ok. SKILL.md limits actions to creating and scanning .learnings/*.md, queuing candidates, and asking humans to approve promotions. Instructions do not reference external endpoints, unrelated config paths, or secret environment variables. The workflow relies on conventions (source:agent/user/external) which must be followed to be effective.
- Install Mechanism: ok. No external install spec; included install/setup scripts only create a local .learnings directory and copy bundled assets. No downloads from arbitrary URLs or archive extraction are present.
- Credentials: ok. No environment variables or credentials are required. The skill reads and writes only to a workspace-local .learnings directory, which is appropriate for its purpose.
- Persistence & Privilege: ok. always:false and normal agent invocation are used. The skill does not modify other skills or system-wide agent settings. It intentionally advises against auto-writing instruction files (promotions require human approval).
