Proofreader

Pass. Audited by ClawScan on May 10, 2026.

Overview

The proofreader skill is mostly straightforward and local, but one bundled generic helper script can create local logs/data that are not clearly described in the main skill text.

This looks safe for normal proofreading use. Before using any command-line wrapper, check whether it runs the purpose-built proofread.sh script or the generic script.sh helper, and avoid passing sensitive text to commands that write local logs.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A document containing prompt-like instructions could affect the proofreading response.

Why it was flagged

The script places the text being proofread directly into the prompt. That is expected for proofreading, but untrusted text could contain instructions that a model might mistakenly follow instead of treating as document content.

Skill content
### 待校对文本
PROMPT
    if [ -n "$INPUT" ]; then
      echo ""
      echo "$INPUT"
Recommendation

When proofreading untrusted text, keep it clearly delimited and instruct the agent to treat the document as content only, not as instructions.

What this means

If this helper is exposed as the command-line entry point, users may get behavior unrelated to proofreading.

Why it was flagged

The bundled script is a generic utility rather than a proofreading prompt generator, and its commands are not described in the main SKILL.md proofreading command list.

Skill content
# proofreader - Multi-purpose utility tool
...
Commands:
  run
  config
  status
  init
  list
  add
  remove
  search
  export
Recommendation

Prefer the purpose-specific proofreading commands in scripts/proofread.sh, and verify how any installed `proofreader` launcher is wired before relying on it.

What this means

Sensitive text passed to the generic helper commands could remain on local disk.

Why it was flagged

The helper creates persistent local files and can store user-provided arguments in data.log and command history in history.log.

Skill content
DATA_DIR="${PROOFREADER_DIR:-${XDG_DATA_HOME:-$HOME/.local/share}/proofreader}"
DB="$DATA_DIR/data.log"
mkdir -p "$DATA_DIR"
_log() { echo "$(date '+%m-%d %H:%M') $1: $2" >> "$DATA_DIR/history.log"; }
cmd_add() {
    echo "$(date +%Y-%m-%d) $*" >> "$DB"
Recommendation

Avoid using the generic add/logging commands for sensitive documents, or review and delete the local proofreader data directory if persistence is not desired.