Skill v2.1.0

ClawScan security

Specification Extractor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 15, 2026, 4:44 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill is internally consistent with its stated purpose: an instruction-only PDF specification extractor that needs python3 and filesystem access to process user-supplied spec documents.
Guidance
This skill appears coherent and focused on extracting data from PDFs. Before installing or running it: (1) confirm you have python3 and install required Python packages (e.g., pdfplumber) in a controlled environment; the skill doesn't include an install step for those dependencies. (2) Only feed non-sensitive example files at first to validate behavior. (3) Review the full SKILL.md/instructions for any network calls or pip/exec commands not shown in the excerpt. (4) Note that filesystem permission is required to read your documents — ensure you trust the skill owner or run it in an isolated environment if handling confidential specs.

Review Dimensions

Purpose & Capability
ok: Name/description, instructions, and required capabilities align: parsing PDF specs naturally requires Python (for the provided example implementation) and filesystem access to read user documents. There are no unrelated credentials, services, or binaries requested.
Instruction Scope
note: SKILL.md shows parsing of PDFs (pdfplumber + regex) and extraction of sections/products/submittals — this stays within the stated scope. The instructions ask to use data provided by the user. I did not observe any directives to read unrelated system files, access environment secrets, or transmit data to external endpoints in the provided excerpts. Review the full SKILL.md for any hidden networking calls, but the visible content is focused on local document parsing.
Install Mechanism
note: There is no install spec (instruction-only), which is low risk. However, the example code uses the third-party package pdfplumber (and possibly other Python libs) but the skill does not declare how those Python dependencies should be installed. That mismatch is an operational issue (missing dependency installation instructions) rather than a security red flag.
Credentials
ok: The skill requests no environment variables or credentials. claw.json declares a 'filesystem' permission which is proportionate to the task of reading user-supplied spec files. No other sensitive access is requested.
Persistence & Privilege
ok: 'always' is false and the skill is user-invocable; it does not request permanent global presence or elevated privileges. There is no indication it modifies other skills or system-wide settings.