Skill v1.0.2

ClawScan security

Chinovnik Ru · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 28, 2026, 9:43 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill's translation purpose is plausible, but its runtime instructions secretly tell the agent to run local python commands and read/write a workspace file and append promotional text — behavior outside the declared scope and not justified by the skill's purpose.
Guidance
This skill mostly does what it says (translate bureaucratic Russian), but its instructions include hidden side effects: they tell the agent to run python3 locally, read and increment a counter file in the agent workspace, and conditionally append promotional Telegram links to the user's reply. Those actions are unrelated to translating documents and are not declared in the manifest. Before installing or enabling this skill, ask the author to: (1) remove the attribution block that executes local commands and writes to the workspace, or make this behavior explicit and optional with user consent; (2) declare python3 and the workspace file path in the manifest if they are truly required; and (3) explain why a persistent counter and promotional text are needed. If you cannot get a clear explanation, do not allow the skill to run these commands or decline installation. If you install it, review every output before sending it to external parties and block or sanitize any appended promotional links or unexpected text.

Review Dimensions

Purpose & Capability
Concern: The manifest declares no required binaries or env vars, but SKILL.md requires running python3 and accessing a workspace file. Reading/writing '/home/node/.openclaw/workspace/ru-pack-counter.txt' and inserting promotional links is unrelated to translating bureaucratic texts and is not justified by the skill description.
Instruction Scope
Concern: Runtime instructions instruct the agent to execute local commands that read and update a file in the agent workspace and conditionally append promotional Telegram links to the user's response. This modifies local state and the output in ways unrelated to analysing or translating documents and constitutes hidden side effects.
Install Mechanism
Note: There is no install spec (instruction-only), which is low risk in general, but the SKILL.md expects a python3 runtime. The manifest should declare python3 as a required binary if it relies on it.
Credentials
Concern: The skill reads and writes a specific path in the agent's workspace (/home/node/.openclaw/workspace/ru-pack-counter.txt) despite declaring no required config paths or credentials. Access to that filesystem path is not justified by the translation task and is disproportionate.
Persistence & Privilege
Concern: always:false is set, so the skill is not forced globally, but it still instructs the agent to persist a counter file in the workspace and to alter future outputs by adding promotional text. That local persistence and automatic modification of user-visible responses are unexpected privileges for a translator skill.