Skillv1.0.0

ClawScan security

book_writer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 1, 2026, 2:34 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is instruction-only and its requested capabilities and artifacts align with a book-manuscript writing assistant; nothing in the files requests unrelated credentials, installs, or hidden endpoints.
Guidance: This instruction-only skill appears coherent for drafting argument-driven book chapters. Before using it: (1) Only provide literature/files you intend the agent to read — do not upload credentials, private keys, or unrelated sensitive documents. (2) Review any generated citations or quoted passages for accuracy and potential plagiarism — the skill can invent references or misattribute sources. (3) If you enable autonomous invocation for agents, be aware the agent could call the skill without a fresh prompt; restrict autonomous permissions if you don’t want that behavior. (4) If you need the manuscript in a specific language/register, supply clear examples and the required outline as the skill insists it will not proceed without one.

Review Dimensions

Purpose & Capability: okThe name/description (book manuscript writer) matches the provided SKILL.md and reference material: the skill defines a constrained writing workflow, demands user outlines, and includes style/formatting references. There are no binaries, installs, or environment variables required that would be unrelated to writing.
Instruction Scope: noteThe runtime instructions are detailed and focused on producing argument-driven 800–1000 word units. The SKILL.md does allow the agent to 'gather context' such as a user-specified directory of literature or supplied research materials — this is reasonable for a writing task but means the agent may be asked to read user-provided files. The skill does not instruct reading arbitrary system files or exfiltrating data to external endpoints.
Install Mechanism: okNo install spec and no code files — instruction-only. This is lowest-risk: nothing will be downloaded or written to disk by an install step.
Credentials: okThe skill declares no required env vars, credentials, or config paths. The instructions reference user-supplied materials (e.g., a directory of papers) but do not request secrets or unrelated service keys.
Persistence & Privilege: okalways is false and there is no indication the skill modifies other skills or requests permanent elevated presence. disable-model-invocation is false (the default) so the agent could invoke the skill autonomously; that is normal and not in itself a concern given the otherwise narrow scope.