Skill v1.0.1

ClawScan security

multimodal-parser · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 10, 2026, 3:28 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, instructions, and dependency hints are consistent with a local multimodal file parser that uses common CLI tools (Tesseract, Poppler, Pandoc, Whisper). It does not request credentials or external endpoints, but it does execute local subprocesses and imports a remote Deno module at runtime, so you should only run it in a trusted or sandboxed environment.
Guidance
What to consider before installing/using:
- Trust & origin: the package has no homepage and an unknown source; run it only if you trust the author or after reviewing the code (you have the code).
- Permissions & sandboxing: the skill uses Deno to run subprocesses and read files. Grant it only the minimal filesystem and subprocess permissions, or run it in a sandbox/container.
- Dependencies: it requires external CLI tools (tesseract, pdftotext/poppler, pandoc, whisper, ffmpeg). Install those from official package repositories to avoid malicious binaries.
- Network/supply-chain: the code imports zod from deno.land at runtime. This fetch is expected, but it is a supply-chain/network fetch; if you need offline assurance, vendor the dependency or audit the fetched module.
- Data sensitivity: the skill processes user-provided files locally and does not appear to transmit results externally, but avoid testing on highly sensitive files until you confirm runtime permissions and behavior in your environment.
- Sanity checks: test on non-sensitive sample files first; verify the produced outputs and any error messages. If you need stronger assurance, run the code in an isolated VM and/or review and pin remote dependency versions.

Review Dimensions

Purpose & Capability
ok · Name/description match the implementation: the code implements OCR, PDF/docx conversion and audio transcription via tesseract/pdftotext/pandoc/whisper. The SKILL.md's suggested dependency list aligns with what the code invokes.
Instruction Scope
note · Runtime instructions and README ask you to install system packages; the code runs those external CLI tools on a user-supplied file path and reads file metadata. It does not attempt to read unrelated system files, access credentials, or send data to remote endpoints, but it will require filesystem read permissions and the ability to spawn subprocesses.
Install Mechanism
ok · No automated install spec is provided (instruction-only for installing system packages). The code imports zod from deno.land at runtime (remote module fetch), which is normal for Deno but is a supply-chain/network fetch to be aware of.
Credentials
ok · The skill declares no environment variables, no credentials, and no config paths. The code does not reference any hidden env vars or secrets.
Persistence & Privilege
ok · always:false and default invocation settings. The skill does not persist or modify other skills or global configuration; it only executes when invoked and uses local subprocesses/IO.