Skillv3.1.0

ClawScan security

Human Level Up · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 19, 2026, 2:29 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and instructions match its stated purpose (extracting key points, generating quizzes, tracking points), but a prompt-injection indicator (unicode control characters) and some deployment examples create modest risk — review before installing or running.
Guidance: What to consider before installing or running this skill: - The code and instructions are coherent with the claimed purpose (extracting key points, generating quizzes, tracking points). There are no required secrets or special binaries. - A prompt-injection signal (unicode control characters) was detected in the SKILL.md/prompt files. That can be used to try to manipulate model behavior or hide content; open the SKILL.md and prompt.md in a plain-text editor, remove suspicious invisible characters, and re-check the prompts before use. - The package has no enforced install step in the registry, but README shows example installation (pip, Docker, GitHub). If you install dependencies or run the Docker image, do so in an isolated environment (virtualenv, container) and verify the upstream repository/image authors (the provided URLs are examples and should be vetted). - The scripts write a local file (evolution_data.json). If you need to keep your environment clean, run the skill in a sandboxed directory or container. - The README contains optional network examples (bookmarklet, API endpoints, ghcr Docker image). If you deploy any of those, verify the remote endpoints and images — they could introduce network I/O or external code not present in the shipped scripts. Recommended actions before proceeding: 1. Inspect prompt.md and SKILL.md for hidden/unicode control characters and remove them. 2. Review scripts and requirements.txt locally; if you will install dependencies, do so inside a virtualenv or container. 3. If you plan to deploy a web/API or use the Docker image, validate the source (GitHub/ghcr) and review any server-side code for external network behavior. 4. Run the scripts on non-sensitive sample files first to confirm behavior, and back up or isolate directories where evolution_data.json will be written. If you want, I can: (a) show lines from SKILL.md around the detected control chars, (b) produce a sanitized prompt.md with invisible characters removed, or (c) scan the included Python files for any additional red flags.
Findings: [unicode-control-chars] unexpected: The SKILL.md contains unicode control characters detected as prompt-injection patterns. This is not necessary for the stated functionality and can be used to manipulate or obfuscate prompts; recommend removing or inspecting these characters before using the skill in automated or high-privilege contexts.

Review Dimensions

Purpose & Capability: okName/description align with included scripts: extract.py extracts key points, quiz_generator.py builds quizzes, and evolution_tracker.py stores progress. No credentials, binaries, or unrelated capabilities are requested.
Instruction Scope: noteSKILL.md / prompt.md contain explicit runtime instructions for extracting content, generating quizzes, scoring, and running a 'Turing-mode' comparison — all consistent with the skill. However, the pre-scan found unicode-control-chars in SKILL.md (prompt-injection pattern), which may be an attempt to influence model behavior or obfuscate text. The instructions also include deployment examples (webhook/API, Docker, browser bookmarklet) that, if used, could introduce external network behavior not present in the shipped scripts.
Install Mechanism: okThere is no install spec in the registry entry (instruction-only), so nothing will be automatically downloaded or executed by the installer. The repository includes a requirements.txt (arxiv==2.1.0 and 'datetime') referenced in README examples; installing those would pull packages from PyPI. Because installation is optional and not enforced by the registry, install risk is low but users should audit dependencies before pip installing.
Credentials: okThe skill requests no environment variables or credentials. The code reads user-provided files and writes a local evolution_data.json file; this is proportionate to tracking progress and does not require secrets. There are example network endpoints in README, but they are optional examples and not required by the scripts.
Persistence & Privilege: notealways is false (no forced inclusion). The tracker writes evolution_data.json to the working directory to persist points, which is expected behavior. Be aware this creates a persistent local file and will modify the directory where the skill is run, but it does not alter other skills or system-wide settings.