Skill v1.0.1
ClawScan security
Legal Site Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 3, 2026, 11:00 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill claims to generate a complete legal site (privacy, terms, support, and data-deletion pages), but the included handler only writes a single placeholder index.html. The declared behavior and the actual behavior are inconsistent, although there is no evidence of malicious exfiltration.
- Guidance: This skill is not obviously malicious, but it is inconsistent and incomplete: SKILL.md promises multiple legal pages, yet the handler only writes a placeholder index.html. Before installing or invoking it: (1) review skill.js locally and run it in an isolated or empty directory to avoid unexpected file writes; (2) if you expect full privacy/terms/delete pages, update the handler to call the provided generation functions and write those HTML files, or reject the skill; (3) note that sanitize() only escapes < and >; if you plan to inject attributes or rich content, review and strengthen the escaping/encoding to avoid HTML injection; (4) confirm the contact email inputs and test the generated output to ensure the legal text meets your requirements. If you need the promised full-site behavior, ask the author for a fixed handler implementation or patch it yourself.
Review Dimensions
- Purpose & Capability (concern): The SKILL.md and top-level description promise a full set of pages (privacy, terms, support, data deletion) in a ready-to-deploy ./dist folder. The code contains helper functions to generate those pages, but the handler implementation only writes a single placeholder index.html into ./dist and does not call the generation functions. That mismatch means the skill does not deliver its claimed capability as-is.
- Instruction Scope (ok): The runtime instructions and code are limited to generating static HTML and writing files under the current working directory (./dist). The skill does not invoke external programs or network endpoints, and it does not read environment variables or arbitrary system files. Writing to the working directory is expected for this purpose, but you should run it in a safe, empty folder.
- Install Mechanism (ok): There is no install spec and no external downloads. The package.json and skill.js are included in the bundle; nothing is fetched from outside during install. This is lower-risk from an install perspective.
- Credentials (ok): The skill declares no required environment variables, credentials, or config paths, and the code does not access any. No secrets appear to be requested or used.
- Persistence & Privilege (ok): The skill is not marked always:true, does not modify other skills or system-wide settings, and only writes files under ./dist. It does not request persistent elevated privileges.
