Skill v1.0.1
ClawScan security
ZeeLin Academic Paper · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 4, 2026, 3:06 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is mostly coherent with its stated function (local template-driven paper generation), but its strong claim of “fully local / no external API calls” conflicts with how OpenClaw skills normally run (they rely on a model backend) and could mislead users about where data is sent.
- Guidance: This skill is coherent for generating structured academic drafts from user-provided references and local templates, but pay attention to two practical risks before installing or using it:
  1. Privacy / data location: the skill repeatedly claims "fully local / no external API calls." In practice, the agent that executes these instructions will use whatever LLM backend your OpenClaw environment is configured with (e.g., OpenAI). If that backend is a cloud service, content you send to the skill (reference text, drafts) may be transmitted to that service. If you require guaranteed on-device processing, verify your OpenClaw instance is running a local model and confirm model invocation does not go to external providers.
  2. Academic-integrity risk: templates ask the model to produce simulated data and long, detailed sections; the skill warns users to verify and replace simulated data. Do not rely on generated data or unverified citations for real submissions — always human-review, verify references, and ensure compliance with your institution’s rules.

  Additional practical checks: review workspace file permissions for the skill's directory, confirm no unexpected network access from your environment, and test with non-sensitive sample input first.
- Findings
[no-findings] expected: Regex scanner found nothing to analyze; the skill is instruction-only and most behavior is in SKILL.md and templates, which were reviewed manually.
Review Dimensions
- Purpose & Capability
- note: Name/description (academic paper generator) lines up with the declared requirement (file-system capability) and the content of SKILL.md and templates. The skill only needs local templates and user-provided references — those needs are proportionate. However, the SKILL.md and PRIVACY.md repeatedly assert "完全本地化 / 无外部 API 调用" ("fully local / no external API calls"), which may be misleading because the skill is an instruction set for an LLM-driven agent (agents/openai.yaml exists). Unless the host is running a local model, model invocation will go to an external service, so the "fully local" claim is not verifiably true from the skill alone.
- Instruction Scope
- note: Runtime instructions are narrowly scoped: read local template references/prompts_zh.md and solicit user reference material, then generate structured sections. The instructions do not direct the agent to read unrelated system files, environment variables, or send data to external endpoints. Two notes: (1) templates explicitly instruct generating synthetic data/tables, which carries an integrity risk (fabricated data) that the skill warns the user about, and (2) the workflow expects the platform LLM to produce long-form content, which implies model invocation even though the SKILL.md claims no external calls.
- Install Mechanism
- ok: Instruction-only skill with no install spec and no code files to execute. This is low-risk from an installation perspective — nothing is downloaded or written by an installer.
- Credentials
- ok: No environment variables, credentials, or external config paths are requested. The single declared capability is file-system access (to read templates), which is appropriate for a template-driven generator.
- Persistence & Privilege
- ok: Default privileges (always: false, user-invocable, model invocation allowed). The skill does not request permanent presence or modify other skills. No elevated privileges are declared.
