Skill v1.0.0
ClawScan security
claim-risk-auditor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 11, 2026, 8:35 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill does what it says: it reads macOS clipboard text and helps audit risky claims; its requirements and runtime behavior are coherent, but reading the clipboard can expose sensitive data, so use with care.
- Guidance: This skill appears to be what it claims: a clipboard-based claim auditor. Before using, note: (1) it requires pbpaste so it works on macOS only; (2) it will read and print whatever is in your clipboard — do not copy passwords, tokens, private documents, or other secrets before running; (3) the skill does not include network calls or request credentials, so it does not by itself exfiltrate data, but if you are concerned about the agent invoking it autonomously, disable autonomous invocation or only run it after explicitly copying the text you want audited. If you need cross‑platform clipboard support or stricter safeguards, request changes (e.g., explicit user confirmation step or alternative clipboard methods).
Review Dimensions
- Purpose & Capability (note): Name/description match the implementation: the skill is designed to read clipboard text and audit claims. Declared binaries (node and pbpaste) align with that purpose. Minor mismatch: SKILL metadata requires pbpaste (macOS) but the skill lists no OS restriction — it will fail on non‑macOS systems.
- Instruction Scope (note): SKILL.md instructs the agent to run scripts/read_clipboard.mjs, which simply invokes pbpaste and prints the clipboard contents. This stays within the stated scope (reading content the user asked to check). However, reading the clipboard can expose sensitive or secret data; the instructions do not direct any transmission off‑device, but the agent will have access to whatever is on the clipboard.
- Install Mechanism (ok): Instruction-only skill with no install spec and a tiny included script. Nothing is downloaded or written to disk beyond the provided code files.
- Credentials (ok): No environment variables, credentials, or external config paths are requested. The single external dependency (pbpaste) is appropriate for clipboard reading on macOS.
- Persistence & Privilege (note): The skill is not always-enabled and is user-invocable (normal). Be aware: the platform allows autonomous invocation by default — if the agent runs this skill autonomously it could read clipboard contents without an explicit user copy/consent. That combination (autonomous invocation + clipboard access) increases data‑exposure risk even though the skill itself does not exfiltrate data.
