Skillv0.9.2

ClawScan security

zenTable · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 2, 2026, 1:12 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's purpose (render tables using Headless Chrome) is plausible and the requested binaries match that goal, but the SKILL.md instructs the agent to execute local scripts and use OCR services that are not included in the package and it contains an auto-execute shorthand (Zx) that could cause the agent to run commands without clear user confirmation — these inconsistencies merit caution.
Guidance: This package is primarily documentation: it describes Python + Headless Chrome renderers and an OCR service, but it does NOT include the runnable code the docs reference. Before using/installing: 1) review the pinned GitHub release (https://github.com/con2000us/zenTable/releases/tag/skillhub-zentable-beta-2026-03-01) and inspect the exact scripts (skills/zentable/table_renderer.py, scripts/zentable_render.py) that would be executed; 2) do not grant broad exec/read/write privileges to an agent unless you trust the fetched code — prefer manual download and review; 3) run the renderer and any OCR services in an isolated container or VM for initial testing; 4) be cautious of the Zx shorthand which instructs the agent to auto-run rendering without answering follow-up questions — if you install, consider restricting the skill's ability to exec or require explicit user confirmation; 5) verify any local network endpoints (OCR/CSS APIs) before allowing the agent to call them. If you cannot or will not review the referenced release artifacts, avoid enabling exec access or decline to install.

Review Dimensions

Purpose & Capability: noteName/description match the requested binaries (python3 + google-chrome) and the stated rendering approach. However, the skill references local scripts (skills/zentable/table_renderer.py, scripts/zentable_render.py) and a pinned GitHub release as the runnable source, but no runtime code is included in this package. That mismatch (docs expect code that isn't present) is a coherence issue: the installed skill cannot perform the described work without downloading and running external assets.
Instruction Scope: concernSKILL.md allows exec/read/write and gives explicit command examples that run local Python renderers and mentions OCR-assisted extraction and a Zx shorthand that instructs the agent to 'execute rendering directly by default (no preliminary Q&A)'. Those instructions grant the agent discretion to run local binaries and operate on message images and prior context. Because the actual renderer and OCR backends are not bundled, following these instructions would require fetching and running external code and/or contacting local services — a scope expansion not explicitly declared in the skill's manifest.
Install Mechanism: noteThere is no install spec in the skill bundle (instruction-only), which is lower risk in isolation. But INSTALL.md explicitly instructs users/agents to download a pinned GitHub release and run scripts from it. The absence of an automated/verified install mechanism in the package plus instructions to fetch and execute release assets is a potential operational risk and a point of inconsistency.
Credentials: noteThe skill declares no required environment variables or credentials (appropriate for a renderer). However DEPLOYMENT.md documents .env variables and local OCR backend options for a deploy scenario; those variables are not required by the skill manifest. This is mismatched documentation but not direct credential overreach in the packaged skill.
Persistence & Privilege: okThe skill does not request always:true and does not declare any system-wide configuration changes. Autonomous invocation is allowed by the platform default; the real issue is the Zx shorthand in the instructions that encourages immediate execution without user confirmation — this is an instruction-level behavior to be mindful of but not a declared persistence/privilege escalation in the manifest.