Skill v1.0.0

ClawScan security

reply-coach · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 11, 2026, 8:04 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code and instructions match its stated purpose (reading the clipboard and emitting its text for reply generation); it's simple and local, but be careful not to copy sensitive secrets into your clipboard before using it.
Guidance
This skill is simple and appears to do exactly what it says: read clipboard text and print it for the agent to turn into reply suggestions. Before installing or using it:
(1) Be aware that it relies on pbpaste, so it only works out of the box on macOS.
(2) Do not copy passwords, API keys, private tokens, or other secrets into your clipboard before invoking the skill; the script prints the raw clipboard contents, and those could be included in prompts or logs.
(3) The code uses Node's child_process to run pbpaste; that is expected here, but you can review the short script (scripts/reply_from_clipboard.mjs) yourself to confirm.
(4) If you want cross-platform usage, request or modify a variant that uses platform-appropriate clipboard tools (e.g., xclip/xsel on Linux, PowerShell Get-Clipboard on Windows).
If you need formal guarantees about data staying local, verify that the agent's runtime doesn't transmit logs or prompts to external services, or add explicit filtering/sanitization of clipboard contents.

Review Dimensions

Purpose & Capability
ok · Name/description say: read clipboard and produce reply suggestions. Declared required binaries (node, pbpaste) and the included script exactly implement reading the macOS clipboard and printing it. The macOS-only dependency (pbpaste) is coherent with the intended behavior but limits platform compatibility.
Instruction Scope
note · SKILL.md instructs the agent to run the included script, which reads the clipboard and prints the text with markers. That stays within the stated purpose. However, the skill does not filter clipboard contents or warn about secrets: any sensitive data copied to the clipboard would be emitted to stdout and could be included in prompts sent to the model or logged by the agent. The skill does explicitly say it does not auto-send messages, which aligns with its behavior.
Install Mechanism
ok · No install spec (instruction-only plus a small bundled script). Nothing is downloaded at install time and the only runtime action is invoking pbpaste via node child_process. No external URLs or archive extraction are involved.
Credentials
ok · The skill requests no environment variables, credentials, or config paths. This is proportionate to its simple clipboard-reading purpose.
Persistence & Privilege
ok · always is false and the skill does not request elevated or persistent platform privileges. It does not modify other skills or system configuration.