Skill v1.0.0

ClawScan security

Windows剪贴板管理器 (Windows Clipboard Manager) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review · Apr 28, 2026, 7:29 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill appears to implement a clipboard manager consistent with its description, but there are minor technical inconsistencies and a meaningful privacy risk from continuous clipboard monitoring that you should understand before installing.
Guidance
Before installing, consider these points:
- Privacy: this skill continuously reads your clipboard and keeps a history. Anything you copy (passwords, tokens, personal data) could be captured. Only install if you are comfortable with that and trust the runtime environment.
- Network risk: the SKILL.md does not send data externally, but if the agent or host has network access, captured clipboard data could be transmitted by other components. Ensure the agent is not allowed to exfiltrate data, or audit network activity.
- Dependencies and installation: the skill expects pyperclip and Pillow but has no formal install spec. Make sure those packages come from trusted sources (pip from PyPI) and install them in an isolated environment (virtualenv).
- Platform correctness: the skill labels itself Windows-specific but doesn't enforce OS restrictions and uses pyperclip for images in a way that may not work. Test in a safe environment first.
- Code hygiene: there are minor coding errors (missing imports, questionable image-handling approach). Review and, if necessary, correct the code before running. Consider adding redaction/filtering rules (e.g., skip clipboard contents matching password patterns), limits on history retention, and explicit opt-in for monitoring.
- Operational posture: do not enable as always-on in untrusted environments. If you need persistent history, prefer an encrypted, disk-backed store with a clear retention policy and explicit user consent.

Review Dimensions

Purpose & Capability
note: The declared purpose (Windows clipboard manager) matches the provided code and dependencies (pyperclip, Pillow). However: (1) the registry lists no OS restriction even though the skill is Windows-focused; (2) the SKILL.md shows image handling via pyperclip, but pyperclip is primarily text-focused and typically doesn't provide raw image bytes on all platforms, so this is a functional mismatch; (3) small coding inconsistencies exist (e.g., datetime used without import). These are technical mismatches rather than clear malicious intent.
Instruction Scope
concern: The instructions direct the agent to read and write the system clipboard and to run a clipboard monitor that samples content every 0.5s and stores history in memory. That behavior is intrinsic to a clipboard manager, but it also means the skill will capture any clipboard content (including passwords, tokens, private data). The SKILL.md does not include any guidance on filtering, redaction, encryption, or limits on what is stored or how long history is kept, increasing privacy risk. There are no steps that transmit clipboard data off-device in the doc, but the captured data could be exposed if the agent or environment has network access.
Install Mechanism
note: This is an instruction-only skill with no install spec. The frontmatter's metadata notes Python dependencies (pyperclip, Pillow) and the SKILL.md suggests installing them with pip, but the registry has no formal install step. That means the runtime will rely on the agent environment to already have those packages or will need to pip-install them ad hoc; this can cause failures or hidden runtime installs if not managed explicitly.
Credentials
note: The skill requests no environment variables or credentials, which is appropriate. However, clipboard contents are often sensitive; the skill's behavior (unrestricted monitoring and history) is disproportionate from a privacy standpoint unless the user explicitly consents and understands the storage/retention policy. No explicit instructions are provided to avoid capturing secrets.
Persistence & Privilege
note: The skill is not marked always:true and does not request system-wide config changes. Autonomous invocation is allowed (platform default). Combined with the monitoring behavior, autonomous invocation could increase exposure (the skill can run and capture clipboard contents without a user performing every action). The skill does not claim to write persistent files, but the SKILL.md does not specify that history is transient or in-memory-only across restarts.