Skill v1.0.0

ClawScan security

Deposition Question Development · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 13, 2026, 8:40 PM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent: it reads Relativity-exported PDFs, extracts bottom-right page document IDs with a bundled Python script, and drafts deposition questions — it does not request credentials, network endpoints, or unrelated system access.
Guidance
This skill appears to do what it says: it runs a local Python script to parse PDFs, extract bottom-right numeric document IDs, and help draft deposition questions with verbatim quotes. Before use: (1) install pdfplumber from a trusted source (pip) and verify your Python environment; (2) run the extraction on a copy of sensitive productions on a secure machine; the script reads PDFs and writes JSON locally but does not send data externally; (3) manually review pages flagged with missing or ambiguous IDs and verify all quoted text before using it in a deposition; (4) avoid uploading privileged documents to untrusted networks or services when using the skill.

Review Dimensions

Purpose & Capability
ok: Name/description match the implementation. The included script and SKILL.md are focused on extracting page text/IDs and organizing questions by document ID; nothing requested (no env vars, no unrelated binaries) is out of scope.
Instruction Scope
ok: Runtime instructions are narrowly scoped: prompt for legal theory and PDF paths, run the provided extraction script, classify pages for relevance, and draft questions with quotes. The instructions do not request unrelated files, credentials, or external endpoints.
Install Mechanism
ok: There is no install spec (instruction-only). The only runtime dependency is pdfplumber (installed via pip as described), which is a reasonable, traceable Python library for PDF parsing.
Credentials
ok: The skill requests no environment variables, credentials, or config paths. The script reads local PDF files and writes a JSON output file as expected for this task.
Persistence & Privilege
ok: The skill is not always-enabled and does not request elevated or persistent privileges; it does not modify other skills or system-wide agent settings.