Skillv1.2.0

ClawScan security

Sahabat Bumil 🤰 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 9, 2026, 4:52 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's files and runtime instructions mostly match its stated pregnancy-guide purpose, but there are inconsistencies (missing dependency, repo/URL placeholders) and a detected prompt‑injection artifact that warrant manual review before installing.
Guidance: What to check before installing or running this skill: - Verify provenance: ask the author for a canonical repository URL (the README and packaging script contain placeholder 'yourusername' but manifest points to 'defzky'). Prefer installing only from the official repo/author you can verify. - Inspect the code for network activity: search the src/ files for 'requests', 'playwright', 'urllib', or hard-coded endpoints to see what external sites would be contacted and why. - Resolve dependency mismatch: SKILL.md lists playwright (and mentions web scraping) but requirements.txt only includes requests. If the skill actually uses Playwright, installing it requires extra steps and browser binaries; confirm whether scraping code is present and safe. - Investigate hidden characters: examine SKILL.md and other docs for unicode control characters (e.g., run cat -v SKILL.md or use a hex viewer). Hidden control characters can indicate content obfuscation or prompt-injection attempts. - Run in a sandbox: if you want to test, run the skill inside an isolated environment (container or VM) and monitor network connections and filesystem writes. - Check for data exfiltration paths: look for code that collects user data, reads arbitrary files, or posts to external endpoints. The skill currently does not request credentials, but code could still transmit data — verify any requests.post/put calls and their destinations. - Ask for an updated requirements.txt and a short security note: request that the maintainer publish a complete requirements.txt and explain what external data sources are scraped and how personally identifiable data (if any) is handled. Given the prompt-injection artifact and the dependency/repo inconsistencies, do not install the skill into a production agent or give it broad autonomous privileges until those issues are resolved.
Findings: [unicode-control-chars] unexpected: Hidden unicode control characters were detected in SKILL.md/SKILL-clean.md. These are not expected for a documentation-only pregnancy guide and can be used to obfuscate content or attempt prompt-injection. The finding should be investigated (display file with visible control characters) before trusting the skill's instructions.

Review Dimensions

Purpose & Capability: noteThe name/description (Indonesian pregnancy guide) align with the included code (nutrition database, hospital listings, finance tools). However SKILL.md and README claim Playwright-based web scraping for updates (playwright>=1.40.0), while requirements.txt and manifest only list requests>=2.28.0 — a mismatch. Installation/usage examples also use a generic clone URL (https://github.com/yourusername/...) while package metadata points to a different repo (defzky). These inconsistencies are unexplained and should be resolved by the author.
Instruction Scope: concernSKILL.md instructs users/agents to pip install requirements and run the included modules (e.g., src/mbg_program.py). The documentation also references web scraping for live updates; if present in code this implies network access to external sites. Additionally a pre-scan flagged 'unicode-control-chars' in SKILL.md (possible hidden control characters), which is a red flag because such characters can be used to attempt prompt injection or manipulate display/parsing. The instructions do not request unrelated files or credentials, but the hidden-character finding and unclear scraping behavior increase risk.
Install Mechanism: noteThere is no install spec in the manifest (instruction-only for the platform), which limits automatic installation risk. The packaged files are included in the skill bundle and the provided packaging script just copies files and zips them — no remote downloads. However SKILL.md claims Playwright use (which can be large and install browser binaries) but playwright is absent from requirements.txt; this mismatch could lead users to manually install extra dependencies or accidentally run missing/partial code. No direct downloads from untrusted URLs were found in the files reviewed.
Credentials: okThe skill does not declare or require any sensitive environment variables or credentials. Only optional user-preference env vars are shown in docs (SAHABAT_BUMIL_LOCATION, SAHABAT_BUMIL_BUDGET, SAHABAT_BUMIL_LANG). There are no hard-coded API keys or requests for unrelated cloud credentials in the manifest or SKILL.md.
Persistence & Privilege: okThe skill is not marked always:true and does not request persistent system-wide privileges. Autonomous invocation is allowed (platform default) but there is no evidence the skill attempts to modify other skills or system-wide agent settings.