Skill v1.0.0

ClawScan security

Anime Assistant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 3, 2026, 5:51 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's content and requested resources are coherent for an anime/illustration assistant, but the SKILL.md contains hidden Unicode control characters (a prompt-injection signal) which is unexpected and should be inspected before use.
Guidance
What to consider before installing:
- The skill content itself is coherent for an anime/illustration assistant and has no install steps or credential requests, which limits conventional risks.
- However, the SKILL.md contains hidden Unicode control characters (a known prompt-injection signal). Those characters can be used to hide or alter instructions that a model follows. Ask the publisher for a clean copy or inspect the raw SKILL.md (view with a hex/visible-control-character viewer) to confirm nothing malicious is embedded.
- Because the skill is instruction-only and requests no credentials, the immediate risk of secret exfiltration or system compromise is low — but hidden instructions could influence model outputs or cause undesired behavior, especially if you allow autonomous invocation.
- If you plan to enable it broadly, test it in a restricted/sandboxed environment first and avoid granting it access to other private systems or secrets. If you see unclear or oddly worded prompts in the raw file, do not install and request clarification from the author.

If you want, I can: (1) produce a sanitized version of the SKILL.md with control characters removed, or (2) show how to detect and display hidden control characters locally (commands for a terminal) so you can inspect the file yourself.
Findings
[unicode-control-chars] unexpected: Hidden/invisible Unicode control characters were detected in SKILL.md. They are not necessary for a creative-assistant instruction file and can be used to obfuscate or steer model behavior (prompt-injection). This may be accidental formatting, but it warrants manual review of the raw SKILL.md to see what characters and placements are present.

Review Dimensions

Purpose & Capability
ok: Name, description, and runtime instructions all describe a creative assistant for anime/illustration; there are no unexpected binaries, environment variables, or config paths requested — the declared purpose matches the actual requirements.
Instruction Scope
note: Instructions are limited to providing creative guidance, workflows, examples, and tool recommendations and do not ask the agent to read files, access credentials, or call external endpoints. However, the SKILL.md contained unicode-control-chars (hidden/invisible characters) which can be used to hide or manipulate instructions and is an unusual artifact in an otherwise straightforward instruction file.
Install Mechanism
ok: No install spec and no code files are present (instruction-only). This minimizes filesystem and network risk because nothing will be downloaded or executed as part of installation.
Credentials
ok: The skill requests no environment variables, no credentials, and no config paths — this is proportionate for a purely instructional creative assistant.
Persistence & Privilege
ok: always is false and the skill is user-invocable (defaults). It does not request persistent system privileges or to modify other skills. Autonomous invocation is allowed by default but is not, by itself, a concerning factor here.