Skill v1.0.0

ClawScan security

Axi Send File · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 3:46 PM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions, requirements, and behavior are coherent with its stated purpose (convert workspace files to Telegram-downloadable PDFs/ZIPs), but it asks the agent to install a PyPI package without a pinned version and uses a pip flag that can affect the environment — review that before running.
Guidance
This skill appears to do what it says: convert workspace files to PDF/ZIP and instruct OpenClaw to deliver them via Telegram. Before using it, consider:
1) The SKILL.md asks the agent to run 'pip install mdpdf' without a pinned version and with --break-system-packages — that will fetch code from PyPI and run install-time code which can affect your environment. Prefer installing and auditing mdpdf yourself (and pin a version) instead of letting the agent install it automatically.
2) The skill will read files from your workspace and /tmp and produce files there for delivery — avoid using it on sensitive files unless you trust the destination/channel.
3) If you want stricter control, pre-install mdpdf, ensure /tmp paths are acceptable, and confirm that MEDIA: delivery aligns with your privacy expectations.

Review Dimensions

Purpose & Capability
ok: The name and description (send files for Telegram) match the SKILL.md instructions: convert markdown to PDF, zip multiple files, and output MEDIA:/path lines for OpenClaw to deliver via Telegram. The referenced file roots (/tmp, workspace, ~/.openclaw/media) align with the delivery mechanism.
Instruction Scope
note: Instructions stay within the stated purpose (convert files and create MEDIA: lines). They do instruct the agent to run 'pip install --user --break-system-packages mdpdf' (no version pin) and to write files under /tmp or the user's local bin; installing packages from PyPI and altering the local Python environment is out of band for a simple converter and can execute code during install. This is expected for enabling mdpdf but is a security/operational consideration.
Install Mechanism
note: There is no formal install spec in the registry (instruction-only). The SKILL.md directs a runtime pip install from PyPI (moderate-risk installation). Using PyPI is common for this functionality, but the package and version are not pinned and the command includes --break-system-packages which can change the local environment — this increases risk compared with a declared, audited install step.
Credentials
ok: The skill requests no environment variables, credentials, or config paths in the registry. The only environmental access is to workspace and /tmp files (appropriate for file conversion/delivery). No unrelated secrets or services are requested.
Persistence & Privilege
ok: The skill is instruction-only, not always-enabled, and does not request persistent or elevated privileges or modify other skills. It does advise installing a user-scoped Python package, which affects the user's environment but is limited to the user's account.