Back to skill
Skillv1.0.0
ClawScan security
Accounting Finance System Research Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 13, 2026, 8:42 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and requirements are consistent with its stated purpose (research accounting/finance system how‑to questions and produce a DOCX), with no disproportionate privileges or unexpected network/install behavior baked into the package.
- Guidance
- This skill appears coherent and low-risk, but note a few practical points before installing: 1) SKILL.md expects the agent to perform web research and cite vendor docs — confirm your agent environment allows browsing or that you'll supply source links. 2) Generating a DOCX requires python-docx if you run the included script locally; it will write files to disk. 3) Do not provide sensitive credentials or proprietary configuration when asking the skill to research unless you explicitly trust the execution environment. 4) Review produced source links and the DOCX before sharing externally to ensure no sensitive information was included.
Review Dimensions
- Purpose & Capability
- okName and description align with the included files and behavior: clarification-first workflow, web research, analysis, and DOCX generation. The included docx generator and reference materials are appropriate for the stated purpose.
- Instruction Scope
- noteSKILL.md requires doing web research and capturing source metadata (URLs and accessed dates). That is coherent with the skill's purpose, but it assumes the agent has a browsing/web-access capability (or the user will provide sources). The instructions otherwise stay within scope and explicitly require clarifying questions and confirmation before research.
- Install Mechanism
- okNo install spec; the package is instruction-first with a small Python script to render DOCX. The only dependency is python-docx (not installed automatically). There are no external downloads or opaque installers.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. It does not require access to unrelated services or secrets.
- Persistence & Privilege
- okalways is false and the skill does not request persistent platform privileges. It writes only an output .docx when run and does not attempt to modify other skills or system configuration.