Skill v1.0.0

ClawScan security

AI-review · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Feb 24, 2026, 11:21 AM)
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions, referenced style guides, and required actions are coherent with its stated purpose of reading content and producing structured reviews.
Guidance
This skill appears to do what it says: fetch or read user-provided URLs/files, extract text (PDFs via curl + pdftotext), apply a local style guide, and emit a fixed Markdown table. Before installing or using it: (1) be aware it will download any URL you give it — do not provide private or sensitive links unless you intend that content be fetched; (2) avoid giving it paths to sensitive local files (it will read files you point it at); (3) the skill expects tools like pdftotext, curl, and browser navigation actions to be available — if those aren't installed the skill may fail; (4) no credentials or external endpoints are hardcoded, and there is no install step, so the footprint is minimal. If you want extra safety, run it in a restricted environment or review the skill's runtime tool permissions before use.

Review Dimensions

Purpose & Capability
ok: Name/description (read URLs/files and generate structured reviews) matches the instructions and included reference style guides. The use of browser navigation, text extraction for PDFs, and local style guide files is expected for this use case.
Instruction Scope
note: Instructions stay within the stated purpose (read a URL/file, classify, extract key fields, apply a style guide, output a fixed Markdown table). They explicitly call external tools (browser_navigate, browser_scroll, curl + pdftotext, file read, manus-speech-to-text). This is coherent, but it relies on those tools being present and will download whatever URL the user provides, so avoid giving sensitive local paths or private URLs unless intended.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files, so nothing is written to disk by the skill itself. Lowest install risk.
Credentials
ok: The skill requests no environment variables, credentials, or config paths. The only filesystem references are to the skill's own included style guide files and to user-supplied input paths/URLs, which is proportional to its purpose.
Persistence & Privilege
ok: The skill does not request persistent presence (always: false) and does not modify other skills or system-wide settings. disable-model-invocation is false (agent may call autonomously), which is the platform default and not concerning here given no other red flags.