Skill v0.1.0
ClawScan security
Divide Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 15, 2026, 11:15 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's decomposition instructions match its name, but it directs the agent to call undeclared external tools (create_wiki_document, submit_result, and a web-reading tool) that could transmit user data, and those tool accesses are not declared or justified.
- Guidance: Before installing or enabling this skill, ask the publisher to clarify which tools and endpoints the skill will call (specifically create_wiki_document and submit_result) and where submitted documents are stored. Confirm whether any platform credentials or tokens will be used and if the skill will automatically send user content without explicit consent. If you plan to use the skill with sensitive information, insist on (a) explicit declaration of required tools/credentials in the manifest, (b) a prompt/confirmation step before any external submit action, or (c) a version that only returns the decomposition to you (no automatic submission). If you cannot obtain those guarantees, test the skill in a sandboxed environment or avoid using it with confidential data.
Review Dimensions
- Purpose & Capability (ok): The skill name and description (Divide Agent) align with the SKILL.md: it instructs the agent to perform MECE two-layer decomposition and produce a mermaid tree diagram. There are no unrelated binaries, credentials, or install steps required in the manifest.
- Instruction Scope (concern): The runtime instructions require using a 'web page reading tool' for research and explicitly call two tools: create_wiki_document and submit_result to write and submit the decomposition. Those tools/endpoints are not declared in the skill metadata. Invoking them may transmit user-provided or contextual data to external systems; the instructions also instruct the agent to 'fill in the wiki document' and attach files, which is data-export behavior not documented or justified by the manifest.
- Install Mechanism (ok): Instruction-only skill with no install spec: nothing is written to disk or downloaded during installation, which is low risk and consistent with the manifest.
- Credentials (note): The skill declares no required environment variables or credentials. However, the instructions rely on tools that typically require endpoints/credentials (wiki/document submission and web-reading). Because these are not declared, it's unclear what permissions/credentials will be used; the platform-provided tools might have access to external services and credentials, so the manifest under-represents the actual data flow and privileges.
- Persistence & Privilege (ok): Flags show always:false and no OS restrictions. The skill doesn't request persistent installation or modification of other skills or system configs in the manifest or SKILL.md.
