Skillv1.0.0

ClawScan security

req-to-testcase · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 8, 2026, 1:51 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and instructions match its stated purpose (extract text from uploaded requirement documents, generate structured test cases, and export an XMind file), but it contains a few operational choices you should be cautious about (automatic triggering and in-place pip installs).
Guidance: This skill appears to do what it claims: parse uploaded requirement documents, generate structured test cases, and produce an XMind file. Things to consider before installing or enabling it: - Automatic triggering: SKILL.md requires the skill to run whenever a user uploads a document or mentions certain keywords, even if the description is incomplete. If you have sensitive documents that should not be processed automatically, disable auto-triggering or require explicit user confirmation before running. - Dependency installation: The scripts suggest installing Python packages at runtime and include guidance to use pip with --break-system-packages. On shared or managed hosts this can alter the environment or be blocked. Prefer installing dependencies in an isolated environment (virtualenv / container) under controlled conditions rather than allowing the skill to pip-install into the system interpreter. - File handling: The reader processes arbitrary uploaded files. While the code only reads and extracts text, parsing third-party document formats (PDF, DOCX, Excel) relies on third-party libraries that could have vulnerabilities. Run in an isolated environment if uploads could be untrusted. - Review included code: The repository is small and readable; if you require higher assurance, review the two scripts (read_requirement_file.py and xmind_tools2.py) yourself or have them audited. They do not contain network calls or credential exfiltration logic. - Output sharing: The skill uses present_files (platform tool) to share outputs; ensure your sharing policies are enforced and files are stored/cleaned according to your data retention rules. If you are comfortable with the operational notes above (isolate dependency installs, restrict automatic triggers, and vet untrusted uploads), this skill is coherent with its stated purpose.

Review Dimensions

Purpose & Capability: okName/description, SKILL.md, and included scripts align: read various document formats, parse requirements, generate multi-type test cases, and produce a .xmind file. The included read_requirement_file.py and xmind_tools2.py implement the advertised functionality and reference only upload/output directories (/mnt/user-data/uploads, /mnt/user-data/outputs). No unrelated credentials, binaries, or external services are requested.
Instruction Scope: noteRuntime instructions are focused on the task (list uploads, run the reader script, parse text, call XMind generator). However SKILL.md explicitly instructs the agent to trigger immediately whenever a user uploads a document or mentions certain keywords even if the description is incomplete; this grants the skill broad automatic behavior that may process sensitive uploads without further user confirmation. The SKILL.md also instructs using present_files to share outputs (expected for delivering files).
Install Mechanism: concernThere is no formal install spec, but both scripts instruct the operator to pip install missing Python packages, using --break-system-packages in error messages. Ad-hoc pip installation at runtime (especially with --break-system-packages) can modify the host environment or be blocked/unsafe on managed systems. No network endpoints or obfuscated downloads are present in the code files themselves, and included files are local, but automatic dependency installation is an operational risk to be considered.
Credentials: okThe skill requires no environment variables, credentials, or external config paths beyond reading files from /mnt/user-data/uploads and writing outputs to /mnt/user-data/outputs. The scope of filesystem access in the instructions is reasonable for the declared purpose. The scripts do not attempt to read environment variables or other system configuration.
Persistence & Privilege: okSkill flags are default (always:false, user-invocable:true, model-invocation allowed). The skill does not request persistent system-wide privileges or attempt to modify other skills. It writes generated files and creates temporary extraction directories while building .xmind files — expected behavior for this functionality.