Skill v0.1.0

ClawScan security

Cjl Plugin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 4, 2026, 2:59 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The plugin's declared capabilities (paper reading, card generation, slide generation, etc.) match what its instructions and bundled scripts do; it requires running local tools and writing files but asks for no unexpected credentials.
Guidance
This collection appears internally consistent with its stated purposes, but before installing or running anything:
1) Review the bundled scripts you plan to use (especially html-to-pptx.py and any deploy.sh) so you know what will be executed and what files will be written.
2) Be prepared to install Node.js + Playwright (cjl-card) and python-pptx or other Python deps (slides conversion); these installers will fetch browsers and packages from upstream.
3) Expect the skills to read/write files under ~/.claude/skills/ and ~/Documents/notes/ and to fetch remote URLs and CDNs (Chart.js, arXiv). If any documents are sensitive, avoid pointing the skill at them.
4) If you plan to use the optional deploy feature, inspect deploy scripts first and ensure no credentials are embedded; supply deployment tokens only when you control a safe environment.
5) If you want extra safety, run the skill in an isolated environment (limited user account or sandbox) or inspect/execute the scripts manually rather than allowing autonomous execution.

Review Dimensions

Purpose & Capability
ok · The skill collection's name/description (research, content cards, slides, writing, relationship analysis, etc.) aligns with the instructions and code: reading PDFs/URLs, WebFetch, generating org-mode notes, producing PNG/HTML/.pptx outputs and scanning local skill folders. Dependencies mentioned in the docs (Node.js + Playwright for cjl-card, python-pptx for PPTX handling) are consistent with the functionality.
Instruction Scope
note · Runtime instructions routinely read and write user files (e.g., ~/Documents/notes/, ~/.claude/skills/), run local scripts (node capture.js, python scripts), and perform WebFetch/network operations (arXiv, CDNs). This behavior is expected for these skill types, but it does grant the skill the ability to access local documents and remote URLs — review any files you don't want read/written and be aware network access is used (Chart.js CDN, WebFetch).
Install Mechanism
note · There is no formal install spec (instruction-only plugin) — lowest installer risk. Two Python scripts are bundled (extract-pptx.py shown) and other scripts (html-to-pptx.py, capture.js) exist; running features will require installing standard third-party packages (playwright downloads browsers, python-pptx for PPTX). No suspicious external download URLs were found in the provided files, but Playwright and package installs will fetch upstream artifacts (browsers, pip packages), which is expected but worth noting.
Credentials
ok · The skill declares no required environment variables or credentials. It does request access to local file paths (skill dir, Documents, Downloads) and network fetches, which are proportionate to tasks like saving notes, extracting PPTX contents, and fetching remote paper pages or CDNs. No unrelated secret or cloud credentials are requested.
Persistence & Privilege
ok · The plugin does not request always:true and is user-invocable. It does not modify other skills' configurations in the provided instructions. Some ops (e.g., the optional deploy script) could perform network deployments if invoked — the docs describe asking the user before deployment.