Skill v1.0.0
ClawScan security
Meeting Notes Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 8, 2026, 2:40 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (structured meeting minutes from PDF/Word) matches most of its instructions, but it references external services/functions (DeepSeek API, extract_pdfs_full_content, simulated web/company searches) without declaring credentials, endpoints, or implementation — an incoherence that warrants caution.
- Guidance: This skill largely does what it says (convert uploaded PDFs/Word to structured meeting minutes), but there are unclear or missing pieces you should clarify before installing or using it with sensitive data:
  - Ask the author what 'DeepSeek API' is, what endpoint(s) it calls, and whether it requires an API key or other credentials; confirm where/how those credentials would be configured. The SKILL.md references this API but the package declares no env vars for authentication.
  - Confirm what 'extract_pdfs_full_content' refers to (a built-in platform function, a third-party library, or a remote service). If document contents are sent to a remote service, learn the retention and privacy policy.
  - The 'company verification' step implies external web/database lookups. Ask whether the skill will perform live web requests and where the results are sourced from; verify any data-sharing implications.
  - The requirement to reach 100% coverage and expand to ≥2000 words can pressure the agent to invent or over-interpret missing details. If you plan to use the skill on confidential meetings, test it first with non-sensitive samples to see how it handles gaps, expansions, and marking of supplemented content.
  - Request a clear data flow: what data is sent externally (if any), how long outputs/inputs are stored, and whether any third parties get copies.

  If the author cannot provide clear answers about external services and credential handling, avoid uploading confidential material or decline installation until the implementation details are made explicit.
Review Dimensions
- Purpose & Capability (note): Name/description and SKILL.md consistently describe a meeting-notes generator that ingests PDF/Word and produces structured minutes. The included helper scripts are packaging/validation utilities (no network code). However, SKILL.md calls out using a 'DeepSeek API' and an 'extract_pdfs_full_content' function that are not present in the bundle and no credentials or endpoints are declared — this is an implementation gap rather than an obviously malicious mismatch.
- Instruction Scope (concern): Runtime instructions require parsing uploaded documents, performing four rounds of strict extraction/verification, and in one template explicitly instruct a 'company name verification' step that simulates external searches and uses broad knowledge/databases. Those steps imply network lookups or an external API, but the instructions do not specify how those calls are made, what endpoints are used, or what data is sent. The strong requirement of 100% coverage and mandatory expansion to reach ≥2000 words also creates practical ambiguity (how to 'expand' without adding unverifiable information).
- Install Mechanism (ok): No install spec is provided and the included scripts are local packaging/validation utilities. Nothing in the files performs downloads or installs external packages. This instruction-only packaging is low-risk from an install mechanism perspective.
- Credentials (concern): The skill references external APIs/services (DeepSeek, simulated web/company searches) but declares no required environment variables, primary credentials, or config paths. That mismatch is suspicious: if external services are required, credentials or endpoints should be declared. Absence of declared secrets makes it unclear how the skill would authenticate or whether it would attempt to send document contents to an external endpoint unexpectedly.
- Persistence & Privilege (ok): The skill is not set to always:true and does not request elevated or persistent system privileges. The included scripts are packaging/validation helpers and do not modify other skills or system-wide settings.
