Skill v2.1.1

ClawScan security

Copy Editing · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 9, 2026, 7:28 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill is generally consistent with a copy-editing tool, but its runtime instructions tell the agent to read a user file (.claude/product-marketing-context.md) even though no config path or file access is declared — this mismatch warrants caution.
Guidance
This skill appears to do what it says (copy editing) and includes a harmless readability script and reference list. The main concern is that the runtime instructions tell the agent to read a user-local file (.claude/product-marketing-context.md) for brand voice, but the skill metadata does not declare this config path. Before installing, confirm whether you have a .claude/product-marketing-context.md file and whether you want the skill to read it. If you don't want the agent reading arbitrary dotfiles, ask the skill author to (a) declare required config paths explicitly, (b) limit the path to a skill-scoped location, or (c) make reading that file opt-in. Also verify there are no hidden network endpoints or additional instructions (the included files show none).

Review Dimensions

Purpose & Capability
note: Name, description, and included files (editing framework, plain-English alternatives, readability scorer) align with a copy-editing skill. However, the SKILL.md explicitly tells the agent to read .claude/product-marketing-context.md for brand context even though the registry metadata lists no required config paths or credentials — a mild inconsistency.
Instruction Scope
concern: SKILL.md instructs the agent to read a specific user file (.claude/product-marketing-context.md) if it exists. That grants access to a user-local file outside the skill bundle; this file path was not declared in the skill's requirements. While reading a brand-context file is plausible for copy editing, the instruction gives the agent discretionary access to user files and should have been declared or scoped more narrowly.
Install Mechanism
ok: No install spec — instruction-only with one benign Python script included. Nothing is downloaded or written to disk by an installer, so install risk is low.
Credentials
note: The skill requests no environment variables or credentials (good). But it implicitly expects to read a config file at .claude/product-marketing-context.md; that file access is not declared in requires.config or similar, making the actual environment access broader than advertised.
Persistence & Privilege
ok: The skill is not always-enabled and is user-invocable; it does not request autonomous permanent presence or elevated privileges. No evidence it modifies other skills or system-wide settings.