Skill v1.0.1

ClawScan security

Text Transform · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 4, 2026, 3:55 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's declared functionality matches its instructions, but it sends text to an unverified external service that claims (unprovably) to be stateless — this creates a data‑exfiltration/privacy risk the user should understand before use.
Guidance
This skill legitimately performs text transforms but does so by sending text to an external domain (text.agentutil.net). Before installing or using it: (1) Do not send any sensitive, private, or confidential text to the skill unless you explicitly consent after understanding the risk. (2) Verify the operator and privacy policy of text.agentutil.net — the SKILL.md's claim that data is not retained cannot be verified from the manifest. (3) Prefer local transformations (built-in regex or local libraries) when handling private data. (4) Test with non-sensitive dummy data first to confirm behavior. (5) If you must process private documents, ask the skill author for an audited on-prem/local implementation or an explicit, verifiable data-retention/privacy statement. These precautions will reduce the risk of unintended data exposure.

Review Dimensions

Purpose & Capability
ok: Name/description (text transforms, regex, diff, format conversion, JSON operations) align with the provided curl endpoints and operations. No unrelated binaries, env vars, or installs are requested.
Instruction Scope
note: Runtime instructions explicitly send input to https://text.agentutil.net for transformations and instruct the agent to ask for user permission before sending user-provided content. That scope is appropriate for the stated purpose, but the instructions rely entirely on an external API and assert privacy guarantees (stateless/no retention) that cannot be verified from the SKILL.md. Sending any non-agent-generated text to an external endpoint risks exposing private data; the skill attempts to mitigate this by requiring explicit consent, but the underlying privacy claim remains unvalidated.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files — nothing is written to disk by the skill itself.
Credentials
ok: Skill requests no environment variables, credentials, or config paths. The paid tier and payment mechanism are mentioned but no credentials or keys are required by the skill as delivered.
Persistence & Privilege
ok: always:false and no persistent installation behavior. The skill does not request elevated agent privileges or modify other skills/configuration.