Skill v1.0.0

ClawScan security

newpaper · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Apr 16, 2026, 1:18 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (convert a paper PDF to PPTX/HTML) matches what the instructions do, but there are several risky and inconsistent behaviors you should review before installing or running it (cloning a GitHub repo into your current directory, installing arbitrary Python dependencies, and asking you to provide API keys even though the registry metadata doesn't declare them).
Guidance
Before running this skill, review and reduce risk:
1) Inspect the GitHub repository (https://github.com/caoxinran102-sys/Paper2Poster) manually; do not blindly run the clone+install steps.
2) Do NOT clone into your current working directory with '.'; instead, clone into a dedicated empty folder so existing files cannot be overwritten.
3) Run the code in an isolated environment (container/VM) or at minimum a dedicated conda environment to contain side effects.
4) Review requirements.txt and repository code for any network/exfiltration behavior before pip installing; prefer pinned, audited dependencies.
5) Use least-privilege API keys (create a dedicated key with limited scope/quotas) and avoid storing long-lived secrets in plaintext; consider using ephemeral or restricted keys and remove .env after use.
6) If you are unsure about the repo's trustworthiness, run the pipeline on a local, offline model or skip running remote code entirely.
These steps will materially lower the risk of accidental data exposure or system modification.

Review Dimensions

Purpose & Capability
note: The skill claims to convert PDFs to posters and the SKILL.md drives a known Paper2Poster GitHub repository which plausibly implements that functionality. However, the skill metadata declares no required environment variables or credentials while the instructions explicitly ask the user to provide OPENAI_API_KEY and OPENAI_BASE_URL, an inconsistency between declared requirements and runtime behavior.
Instruction Scope
concern: The runtime instructions tell the agent to: git clone https://github.com/caoxinran102-sys/Paper2Poster.git into the current directory (using '.'), create/activate a conda env, pip install -r requirements.txt, create a .env with the user's API key/base URL, and run a pipeline that will process the user-provided PDF. Cloning into '.' can overwrite files in the current working directory; pip installing repository dependencies executes arbitrary third-party code. The instructions also place sensitive secrets (.env) into the project folder. There is no step to inspect the cloned code before execution.
Install Mechanism
concern: Although the skill bundle itself is instruction-only (no install spec), the instructions perform an explicit remote fetch (git clone from a GitHub repo) and then run pip install. Downloading and executing code from a third-party GitHub repo and installing its dependencies is a higher-risk install pattern. The GitHub host is a known service (better than a random IP), but cloning directly into the current directory and auto-installing dependencies without review increases risk.
Credentials
note: The only runtime secrets requested are OPENAI_API_KEY and OPENAI_BASE_URL, which are reasonable for interacting with OpenAI-compatible APIs. However, the registry metadata declared no required env vars or primary credential, creating a mismatch. The instructions also direct the user to write these credentials into a .env file in the project folder; this is normal for API usage but has privacy/secret-storage implications and should be handled carefully.
Persistence & Privilege
note: The skill is not marked always:true and does not request elevated platform privileges. It does, however, write files to disk (clone repo, create .env) and create a conda environment. Those are expected for this functionality but mean the skill will alter your filesystem and environment; the instructions do not request permanent platform-level changes beyond those local modifications.