policy-to-checklist

Pass

Audited by ClawScan on May 10, 2026.

Overview

This skill is coherent and simply reads clipboard text to help convert policy-like documents into checklists, but users should invoke it only when the clipboard contains the intended text.

Before installing or invoking this skill, make sure you are comfortable with it reading your current clipboard. It appears benign and purpose-aligned, but you should copy only the policy, notice, rule, or requirement text you want converted into a checklist.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

When invoked, the skill can read whatever text is currently on the local clipboard.

Why it was flagged

The script executes a local shell command to read the macOS clipboard. This is disclosed and purpose-aligned, but local command execution is still a capability users should notice.

Skill content

return execSync("pbpaste", { encoding: "utf8" }).trim();

Recommendation

Use it only after copying the document you want processed, and avoid invoking it when the clipboard may contain passwords, tokens, or unrelated private text.

What this means

Clipboard text becomes visible to the agent session and may influence the generated checklist.

Why it was flagged

The clipboard contents are printed for the agent to use as context. That is needed for the skill, but copied documents may contain sensitive data or embedded instructions that should be treated as untrusted input.

Skill content

console.log("===CLIPBOARD_TEXT_BEGIN===");
console.log(text);
console.log("===CLIPBOARD_TEXT_END===");

Recommendation

Copy only the intended source document, and treat any instructions inside that document as content to summarize rather than commands to follow.