Skillv1.0.0

ClawScan security

LaTeX Writer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 8, 2026, 3:37 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill mostly matches its stated purpose (generate and compile LaTeX), but there are clear implementation and metadata inconsistencies (missing required binary in metadata, truncated/incorrect code references) and a LaTeX compilation surface that can execute code if TeX is configured with shell escape — the user should review and sandbox before using.
Guidance: Things to consider before installing or running this skill: - Metadata mismatch: The skill metadata lists no required binaries but the code requires a TeX engine (xelatex). Ensure you have TeX Live or MiKTeX installed before using it. - Incomplete / inconsistent code: The provided source shows problems (a truncated section in latex_generator.py and cross-file references that likely will raise ImportError or NameError, e.g., body_builder.py imports a module-level escape_latex that doesn't exist). Treat the bundle as potentially non-functional until you or the author fixes these issues. - LaTeX compilation is a potential execution surface: TeX can execute external commands via mechanisms like \write18 if shell-escape is enabled. The build invocation does not explicitly enable shell-escape (which is good), but if your TeX installation is configured to allow it, compiling untrusted LaTeX could execute commands. Only compile LaTeX from trusted sources, or run the builder in a restricted/sandboxed environment (container, VM, or isolated user account) when handling untrusted input. - Templates directory: TemplateManager expects a templates/ directory relative to the skill. If the templates are not bundled, template lookups will fail. Verify that required template files are present and review any custom .cls files before using them. - Run in a sandbox first: Because of the code issues and the LaTeX execution surface, test the skill in a disposable environment (container/VM) and review templates and the full latex output source before compiling PDFs for untrusted content. If you want, I can: (a) point out the exact lines where imports will fail or where truncation occurs, (b) propose fixes for the broken references, or (c) generate a safe checklist for sandboxing LaTeX compilation on your system.

Review Dimensions

Purpose & Capability: concernThe skill's name/description (LaTeX generation + PDF compilation) aligns with the provided code: template management, LaTeX generation, and PDF building are implemented. However the registry metadata claims 'Required binaries: none' while the code requires a TeX engine (DEFAULT_COMPILER = 'xelatex') and checks for it at runtime. That mismatch (metadata says no binaries; runtime needs xelatex/TeX Live or MiKTeX) is an incoherence the user should note.
Instruction Scope: noteSKILL.md describes only template selection, LaTeX generation, and compilation — which matches the code. The runtime instructions and code do not access external network endpoints or require secrets. However: (1) LaTeX compilation can be a security surface because TeX can execute shell commands when shell-escape is enabled; the code invokes xelatex without passing a shell-escape flag (no explicit '--shell-escape'), which generally reduces that risk, but a TeX installation could still allow execution depending on config. (2) Several implementation-level issues appear in the source: a truncated section in latex_generator.py and cross-file reference errors (e.g., body_builder imports a module-level escape_latex which does not exist), indicating the code as packaged may not run as-is.
Install Mechanism: okThere is no install spec (instruction-only + bundled scripts). That is low-risk from an install/download perspective because nothing is fetched from arbitrary URLs during install. The package includes source files in the skill bundle; no external installer is specified.
Credentials: okThe skill declares no required environment variables or credentials and the code does not request secrets. The only external dependency is a system TeX binary (xelatex) and optionally font packages; those are reasonable for the claimed functionality. No unrelated credentials or environment access are requested.
Persistence & Privilege: okThe skill does not request 'always: true' and is user-invocable. It does not modify other skills or system-wide agent settings. It runs local file operations (writes tex to a temp dir, may save PDF), which are appropriate for its purpose.