Blind Review Sanitizer

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a local manuscript anonymization helper with expected file read/write and Python execution behavior, but users should review paths and the optional DOCX dependency before running it.

This skill is reasonable for local blind-review preparation. Before using it, confirm the manuscript path, choose a safe output location, keep sensitive drafts in the approved workspace, and manually review the result because automated anonymization may miss metadata, figures, headers, or indirect identity clues.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI05: Unexpected Code Execution
Low
What this means

Running the skill executes local Python code that reads and rewrites manuscript content.

Why it was flagged

The skill is designed to run a local Python script. This is disclosed and directly supports the anonymization workflow.

Skill content

python scripts/main.py --help

Recommendation

Run it only from the installed skill directory and review the requested input and output paths before execution.

ASI02: Tool Misuse and Exploitation
Low
What this means

A wrong input path could process the wrong local file, and a wrong output path could overwrite or place sensitive content somewhere unintended.

Why it was flagged

The script accepts local file paths and writes a sanitized output file. This is expected, but path selection controls what local content is read and where output is written.

Skill content

`--input`, `-i` | string | Yes | - | Input manuscript file path (`.docx`, `.md`, `.txt`)
`--output`, `-o` | string | No | auto-generated

Recommendation

Provide only the intended manuscript path, review the output path, and keep the generated file in an approved workspace.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing the wrong optional package could make DOCX processing fail or introduce an unintended dependency.

Why it was flagged

The dependency file lists `docx`, while the skill documentation and source guidance refer to `python-docx`; this could confuse installation of the optional DOCX parser.

Skill content

docx

Recommendation

If DOCX support is needed, verify and install the intended `python-docx` package from a trusted package index.