Plugin v0.1.0
ClawScan security
summit entertainment · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 24, 2026, 7:57 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, hooks, and instructions are consistent with a self-improvement logging helper and do not request unrelated credentials or perform network downloads — behavior matches the stated purpose.
- Guidance: This skill appears to do what it says: provide short reminders and help capture learnings to local .learnings/ files. Before enabling it, consider: (1) The activator and error-detector are opt-in hooks — only enable them if you trust the workspace/user config. (2) The error detector reads CLAUDE_TOOL_OUTPUT, which may contain sensitive command output; keep the policy to redact secrets and avoid automatic logging of full transcripts. (3) scripts/extract-skill.sh will create files under the current workspace; it contains checks to prevent absolute and ../ paths, but review the target path before running. (4) Review/adjust file permissions (chmod +x) only if you trust these scripts. If you want to be extra cautious, install the skill in a sandboxed or project-level workspace (not a global/user-level settings file) and inspect .learnings contents before promoting entries to shared workspace files.
Review Dimensions
- Purpose & Capability: ok. Name/description (self-improvement / capture learnings, errors, feature requests) aligns with the included files: reminder hook, small shell scripts to produce lightweight reminders, an extractor that scaffolds local skill files, and documentation. There are no unrelated requested binaries, env vars, or external services.
- Instruction Scope: ok. SKILL.md instructs the agent to create and append to local .learnings/* files, avoid logging secrets, and optionally install an opt-in hook. The runtime instructions and scripts only read provided context (bootstrapFiles, CLAUDE_TOOL_OUTPUT) and create files under the workspace — all consistent with the stated logging/promotion purpose.
- Install Mechanism: ok. No install spec or payload download is present. The repository contains local scripts and hook handlers; scripts run locally and create files under the current workspace. No remote code fetches, URL downloads, or package manager installs are used.
- Credentials: ok. The skill declares no required env vars or credentials. The error-detector script reads CLAUDE_TOOL_OUTPUT (documented) to detect failures; this is proportional to its purpose but requires care because CLAUDE_TOOL_OUTPUT can contain sensitive output — the skill explicitly warns not to log secrets.
- Persistence & Privilege: ok. always:true is not set; the hook is opt-in and the handler only injects a virtual reminder file at agent bootstrap. Scripts write only to relative paths under the workspace/skills directories, and the extractor validates and forbids absolute and .. paths. The skill does not modify other skills' configurations or request global privileges.
