ClawHub
Back to skill
v1.0.2

openmath-open-theorem

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:40 AM.

Analysis

This skill appears purpose-aligned for querying OpenMath and creating local theorem scaffolds, with normal external API, local file-writing, and persistence considerations to review.

GuidanceThis skill is reasonable to install if you trust the OpenMath service and are comfortable with Python scripts making network requests and writing local scaffold files. Prefer project-scoped config unless you want preferences reused globally, review downloaded Lean/Rocq files before running proof tools, and avoid using --force unless you have confirmed the target directory is safe to replace.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
scripts/download_theorem.py
parser.add_argument("--force", action="store_true", help="Replace the target directory if it already exists."); ... shutil.rmtree(project_dir)

The download helper can recursively replace the chosen output directory when --force is used. This is disclosed and not the default, but it is a local destructive capability users should handle carefully.

User impactIf --force is used with the wrong output path, existing local files in that directory could be deleted.
RecommendationUse the default tmp output location or a clearly dedicated folder, and require user confirmation before using --force on any existing directory.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
metadata
Source: unknown; Homepage: none; Required binaries (all must exist): none; No install spec — this is an instruction-only skill; Code file presence: 6 code file(s)

The artifacts include visible Python helper scripts but have limited provenance metadata and do not declare python3 as a required binary even though SKILL.md commands invoke it.

User impactThe code is available for review, but users have less external provenance information and may not get an install-time warning if python3 is unavailable.
RecommendationReview the included scripts before installation and prefer a registry entry that declares runtime requirements and source provenance.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
references/init-setup.md
User | `~/.openmath-skills/openmath-env.json` | Reused across repositories

The setup flow can persist a preferred-language configuration globally, so future uses of the skill may be influenced by saved state outside the current repository.

User impactA global preference can affect theorem discovery in later projects, which may be surprising if different repositories need different languages.
RecommendationUse project-scoped configuration for repository-specific work, and review or remove the global config if behavior seems unexpected.
Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
scripts/download_theorem.py
theorem_code = theorem.theorem_code or ...; theorem_file.write_text(theorem_code.rstrip() + "\n", encoding="utf-8")

The skill writes remote theorem source from the OpenMath API into local Lean/Rocq files for later use. This is core to the purpose, but the downloaded content should be treated as untrusted until reviewed.

User impactGenerated theorem files may contain remote content that will later be read by the agent or proof tooling.
RecommendationReview downloaded theorem source and imports before running proof/build tools or asking the agent to act on generated files.