Plugin v0.1.0

ClawScan security

Myoperatingplugin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 28, 2026, 1:20 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, scripts, and instructions are consistent with a 'self‑improvement' hook that logs learnings and injects lightweight reminders; it does not request unrelated credentials, perform network downloads, or contain obvious exfiltration.
Guidance
This skill is internally coherent for capturing learnings and adding bootstrap reminders. Before enabling hooks or copying files into your home/workspace: (1) inspect the hook handler and the reminder text (it injects a virtual file into session context), (2) note that error-detector reads CLAUDE_TOOL_OUTPUT (do not enable PostToolUse globally if you don't want automatic error scanning of tool output), (3) note that enabling hooks requires explicit user action (copy/enable), so it is opt-in, and (4) remember that the scripts will create/modify files under the active workspace; ensure you trust the repository path and set appropriate file permissions. If you want extra assurance, run extract-skill.sh --dry-run and test the activator/error-detector in a disposable workspace first.

Review Dimensions

Purpose & Capability
ok
Name/description (self-improvement) align with the provided files: reminder hook, activator, error detector, and an extraction helper. Required envs/binaries are none, which is proportionate for this purpose.
Instruction Scope
ok
SKILL.md and scripts limit actions to creating/appending local .learnings files, producing short reminders, and detecting error patterns from CLAUDE_TOOL_OUTPUT. The instructions explicitly warn not to log secrets and avoid reading unrelated system config. No instructions request arbitrary transcripts or external endpoints.
Install Mechanism
ok
No install spec (instruction-only). Included scripts and hook handlers are local files; there are no downloads from remote URLs or package installs. The extract script writes under the current workspace and includes checks to avoid absolute paths or '..' traversal.
Credentials
ok
The skill declares no required environment variables or credentials. The error-detector script reads CLAUDE_TOOL_OUTPUT (a platform-provided variable) which is expected for PostToolUse hooks and proportional to the stated purpose.
Persistence & Privilege
note
always:false (normal). The optional hook injects a virtual reminder file into session bootstrapFiles when enabled — this alters session context (as intended) but only after user enables the hook. Review before enabling because hooks affect every session they are registered for.