Skill v0.1.0

ClawScan security

Cerbug45 Email Formatter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 12, 2026, 12:07 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent with an email-formatting purpose: it includes local Python scripts for grammar/tone/readability and a security scanner, requests no credentials, and installs only Python packages and a spaCy model into the user's home directory.
Guidance
This skill appears to do what it claims: local Python scripts analyze and rewrite emails and enforce a security scan before formatting. Before installing, review the bundled scripts yourself (they are plain Python) and consider running the install in a sandbox or non-production environment because the installer will attempt networked pip installs and download a spaCy model. Note the installer tries `--break-system-packages` (potentially intrusive) but falls back to user installs. The skill will create ~/.email-formatter-skill and save a config file. If you need to avoid network installs or persistent files, use the minimal/manual mode described in SKILL.md (no optional packages) or run the scripts directly without running the installer. Finally, the security scanner may block or warn on emails containing credential requests, threats, or other flagged content — this is intentional behavior of the skill.
Findings
[regex-ssn-creditcard-detection] expected: security_scan.py intentionally contains regexes to detect SSNs, credit-card-like patterns and other sensitive data — this is expected and appropriate for an email security scanner.
[pip-install-break-system-packages] expected: The installer uses pip with --break-system-packages as an initial attempt, and falls back to --user if that fails. Networked pip installs are expected for optional NLP packages, but the --break-system-packages flag is more intrusive than a pure --user install and should be reviewed before running on managed systems.
[spacy-model-download] expected: The SKILL.md and scripts call `python3 -m spacy download en_core_web_sm` to get an NLP model — expected for enhanced grammar/tone features; it performs network downloads during install.
[home-dir-write] expected: Installer creates ~/.email-formatter-skill and writes scripts/config there. This is consistent with the skill's described behavior but means persistent files will exist in the user's home.

Review Dimensions

Purpose & Capability
ok
Name/description match the provided artifacts: grammar_check.py, tone_analyzer.py, readability.py and a security_scan.py all directly support email formatting and safety checks. No unrelated credentials, binaries, or services are requested.
Instruction Scope
ok
SKILL.md and README instruct the agent to run a local installer and then run the security scanner, analyzers, and formatter; the runtime instructions reference only the skill's scripts and paths under ~/.email-formatter-skill. The requirement to run the security scanner before formatting is explicit and implemented in shipped code. There is no instruction to read unrelated system files or exfiltrate data.
Install Mechanism
note
There is no registry install spec, but the package includes an install.sh and an auto-install snippet in SKILL.md that run pip installs and call `python3 -m spacy download en_core_web_sm`. This is a networked pip install (moderate risk by nature). The install attempts to use `--break-system-packages` (which can alter system Python package state) with a fallback to user-scoped installs; that flag is more intrusive on some systems and worth reviewing before running.
Credentials
ok
No environment variables, credentials, or external tokens are requested. The skill writes into the user's home directory (~/.email-formatter-skill), which is reasonable for a local utility.
Persistence & Privilege
ok
The skill does create files and a config in the user's home directory and marks scripts executable, but it does not request always:true or system-level changes beyond installing packages and saving config under the user's home. It does not alter other skills or system configuration outside the user's home directory.