Skillv4.1.0

ClawScan security

Interior Proposal Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 17, 2026, 3:36 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This skill is consistent with its stated purpose (an on‑premises PPT generator for interior design): it requires no credentials, has no network endpoints, and the included Python script and instructions match the described functionality.
Guidance: This appears to be a straightforward PPT generator. Before running: (1) review the bundled script yourself (it is included) to confirm no unexpected behavior; (2) run it in an isolated environment or virtualenv after installing python-pptx and Pillow from PyPI; (3) only point --images to folders you trust (images can contain sensitive content); (4) be aware the script may contain minor bugs (e.g., an undefined variable) that could cause it to fail—test with a small sample first. If you require higher assurance, request the author/source or a repository/homepage for provenance.

Purpose & Capability: okName/description (generate interior design proposal PPTs) align with the provided files: SKILL.md, design references, PPT outline, and a Python script that builds .pptx files. Required packages (python-pptx, Pillow) are appropriate for creating PPTX and handling images.
Instruction Scope: okSKILL.md instructs the agent/user to run the bundled Python script with project parameters and optional image folder. The instructions do not request unrelated files, credentials, or external data exfiltration. The script reads local images if provided (expected behavior). Note: the provided code appears to contain at least one coding bug (a truncated loop using an undefined variable 'enu') which may cause runtime errors—this is a quality issue, not malicious behavior.
Install Mechanism: okNo install spec is provided; SKILL.md suggests installing standard PyPI packages via pip (python-pptx, Pillow). This is a conventional, low-risk install approach. The skill ships a Python script as part of the bundle (no downloads from third-party URLs).
Credentials: okThe skill requests no environment variables, credentials, or config paths. The resources it accesses (local image folder, output path) are proportional to generating PPT files.
Persistence & Privilege: okSkill flags are default (not always: true). It does not request persistent elevated privileges or modify other skills or system config.