conatus
Audited by Socket on Feb 26, 2026
1 alert found:
Malware
This SKILL description is functionally coherent and aligned with its stated purpose: computing a 'conatus' score from agent telemetry and producing local narrative reflections. I found no evidence in the provided content of credential harvesting, remote exfiltration, command injection, obfuscated payloads, or autonomous actions with real-world effects. The primary security concerns are (1) use of a nonstandard installer command ('clawhub install conatus') which requires trusting the clawhub distribution channel and increases supply-chain risk, and (2) the skill's need to read and write agent memory files — which could expose sensitive data if memory is not scoped or redacted. Mitigations: verify the clawhub source, review the package before installation, and ensure the skill is configured to avoid ingesting secrets or sensitive memory entries. Overall, the artifact appears benign but with moderate supply-chain and data-exposure considerations.