Skill v1.0.0

ClawScan security

Multimedia To Obsidian · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 8, 2026, 9:56 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini

Summary
The skill mostly does what it claims (extract images and send them to multimodal models), but the package metadata omits required binaries and environment variables and it will upload raw image data to an external host (a default host that is not a well-known provider), which is unexpected and privacy-sensitive.
Guidance
This skill appears to implement its stated feature (extract images and call multimodal models), but there are mismatches and privacy concerns you should consider before installing:
1) Metadata omission — the registry claims no required binaries/env vars, but the SKILL.md and script require pandoc, poppler (pdftoppm), python-pptx, pillow, and likely LibreOffice ('soffice'); confirm and install these intentionally.
2) API keys — you must provide an API key for one of the providers; review which provider you trust. The script will upload raw image bytes (base64) to the chosen provider. Do NOT use this on sensitive documents unless you trust the destination.
3) Unknown default host — the default MINIMAX_API_HOST (https://api.minimaxi.com) is not a well-known vendor; verify this endpoint and its privacy/security policy before setting MINIMAX_API_KEY or leaving the default host.
4) Inspect and/or run in isolation — review the script (it is included) and consider running it on non-sensitive sample files or inside a disposable environment/container.
5) Fix metadata — if you plan to use it, request that the publisher update the registry metadata to list required binaries and env vars so users aren't surprised.
If you need higher assurance, prefer using a known provider (OpenAI/Anthropic) or a local/offline processing path for sensitive data.

Review Dimensions

Purpose & Capability
concern
The skill's description matches the code: it extracts pages/images and sends them to multimodal models, then writes Markdown into an Obsidian repo. However, the registry metadata lists no required binaries or env vars while the SKILL.md and the script require pandoc, poppler (pdftoppm), python-pptx/pillow, and also call 'soffice' — this mismatch is incoherent and could surprise users. The network/API access (MINIMAX/OPENAI/ANTHROPIC) is appropriate for the stated purpose, but the default MINIMAX_API_HOST is an unfamiliar domain.
Instruction Scope
note
Runtime instructions are within the task scope (install tools, set one of several model API keys, run the script). Important privacy-sensitive behavior: the script encodes image bytes as base64 and transmits them to third-party endpoints (MiniMax/OpenAI/Anthropic). That is expected for model calls but should be explicitly highlighted because sensitive documents will be uploaded. The SKILL.md omits that the script invokes 'soffice' and 'rm -rf' and does not warn about large uploads or rate/size limits.
Install Mechanism
note
There is no automated install spec (lowest risk). The SKILL.md instructs manual installs via brew and pip (pandoc, poppler, python-pptx, pillow), which are reasonable. The script additionally calls 'soffice' (LibreOffice) and 'pdftoppm', but 'soffice' is not listed in prerequisites — this omission is inconsistent and may lead to runtime failures. No downloads from unknown URLs are performed by an installer.
Credentials
concern
The registry metadata declared no required environment variables, but both SKILL.md and the script require at least one API key (MINIMAX_API_KEY or OPENAI_API_KEY or ANTHROPIC_API_KEY). Requiring model provider API keys is proportionate to the task, but the default MINIMAX_API_HOST (https://api.minimaxi.com) is not a known major provider — sending base64 images to an unfamiliar host is a privacy/exfiltration risk. The number of env vars requested is reasonable, but the metadata omission is a red flag.
Persistence & Privilege
ok
The skill is not always-enabled and is user-invocable. It writes Markdown files into the user-specified Obsidian directory and removes temporary files; it does not request system-wide configuration or modify other skills. No elevated persistence is requested.