Skill v1.0.0

ClawScan security

All Documents QA · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 2, 2026, 6:23 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code and instructions match its stated purpose (extract text from DOCX/TXT/XLSX and delegate PDFs to an external PDF-reader skill) and request no credentials, but you should verify the external PDF reader and be cautious with sensitive documents because the skill runs local scripts and prints full extracted text.
Guidance
This skill behaves as a local document-extraction/QA helper and appears coherent, but take these precautions before installing or running it:
1) Inspect the sibling PDF reader it calls (iyeque-pdf-reader-1.1.0/reader.py): the skill will execute that script if present, so ensure it is trusted.
2) Do not feed sensitive/private documents unless you trust the environment and the PDF reader, because the scripts print full extracted text to stdout, which becomes the model context.
3) Install required Python libraries in a controlled environment (virtualenv) to avoid supply-chain risks.
4) Consider running the code in an isolated container or sandbox the first time, and review any third-party skills in your workspace for unexpected network or file-access behavior.
If you can provide the contents of the PDF reader's reader.py, I can re-evaluate with higher confidence.

Review Dimensions

Purpose & Capability
Status: ok
Name/description (Document Q&A) align with the included scripts: extract_txt.py, extract_docx.py, extract_excel.py, process_folder.py, and run_qa.py. The PDF extraction is delegated to a named sibling skill (iyeque-pdf-reader-1.1.0), which is consistent with the SKILL.md note. Declared dependencies (pandas/openpyxl, python-docx) match the code.
Instruction Scope
Status: note
SKILL.md instructs running run_qa.py, which calls process_folder.py to extract text and then prints context markers and the QUESTION. The scripts operate only on the provided file/folder path. However, process_folder.py uses subprocess.run to execute a sibling PDF reader script (reader.py) if present: that delegates PDF handling to another skill and executes local code. The skill prints the full extracted text to stdout (which becomes the model's context), so sensitive content will be exposed to the agent's model input/output.
Install Mechanism
Status: ok
No install spec is provided (instruction-and-script-only). No downloads or package installs are automated by the skill. The only install-time concern is that users may need to pip-install the expected Python libs (python-docx, pandas, openpyxl, PyPDF2) as documented.
Credentials
Status: ok
The skill requests no environment variables, no credentials, and no config paths. That is proportionate to its stated purpose. The code does execute local scripts via subprocess, but does not attempt to read unrelated env vars or secrets.
Persistence & Privilege
Status: ok
The always flag is set to false, and there is no self-modifying or cross-skill configuration. The skill does execute local scripts but does not request permanent presence or elevated platform privileges.