Skill v1.0.9

ClawScan security

Ai Image Prompts · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Mar 13, 2026, 8:42 AM)
Verdict: benign
Confidence: high
Model: gpt-5-mini

Summary: The skill's files, instructions, and network activity are coherent with its stated purpose (serving a curated prompt library and sample images); it requires no credentials and only downloads public JSON references from a GitHub raw URL.

Guidance: This skill appears to do exactly what it says: it downloads public JSON 'references' from a GitHub repo and instructs the agent to attach sample images referenced in those files. Before installing, consider:
(1) the skill will make outgoing HTTP requests to raw.githubusercontent.com to fetch JSON and will cause the agent to fetch remote image URLs from those JSON files; if you are privacy-sensitive, avoid pasting confidential content into prompt-remix flows;
(2) trust in the upstream GitHub repo matters: if the repo were compromised it could change references, so inspect references/ after installation if you want assurance;
(3) no credentials are requested, so there is no credential-exfiltration signal.
If you have strict network or content policies, review the downloaded JSON and sample image hosts before enabling autonomous use.

Review Dimensions

Purpose & Capability
Status: ok
Name/description match the actual behavior: the skill provides a searchable prompt library and sample images. The included setup script and reference JSON files are consistent with downloading and serving that library. No unrelated credentials, binaries, or services are requested.

Instruction Scope
Status: note
The SKILL.md is explicit about workflow: download references (node scripts/setup.js), read references/manifest.json, search category files, and always attach sample images (sourceMedia[0]). This stays within the skill's purpose. Note: mandating inclusion of sample images means the agent will fetch and attach remote image URLs from the downloaded JSON; this is expected but results in outgoing HTTP requests to third-party hosts referenced in the JSON.

Install Mechanism
Status: ok
No install spec; the only code is a small setup.js that fetches JSON from a raw GitHub URL (raw.githubusercontent.com). Using GitHub raw for reference files is reasonable and common; it writes files to the skill's own references/ directory. Risk is limited to trusting the upstream repo's content.

Credentials
Status: ok
No required environment variables or credentials are declared or used. package.json lists some dependencies (dotenv, qs-esm) that are not needed by the setup script; they are unnecessary but not harmful. The skill does not request unrelated secrets or config paths.

Persistence & Privilege
Status: ok
The skill runs on user invocation (always: false) and may be invoked autonomously by agents (platform default). It writes its own references/.last-updated stamp and reference files only; it does not modify other skills or global agent settings.