Skillv1.1.0

ClawScan security

Encrypted File Writer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 9, 2026, 7:00 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill claims to be an "encrypted/protected" file writer for enterprise use, but the code and metadata do not implement or justify encryption or enterprise protections and several metadata/doc inconsistencies raise concerns.
Guidance: Key issues to consider before installing: - Misleading name/claims: despite the "encrypted" name and enterprise wording, the included code does not implement encryption or any protection mechanisms. If you need encrypted file storage, this skill will not provide it. - Metadata/document mismatches: README, SKILL.md, package.json and _meta.json contain conflicting statements (e.g., .docx/.xlsx support, owner IDs). This suggests sloppy packaging or possible tampering — verify the upstream source and author identity before trusting it. - Arbitrary local writes: the script will write to any path the process can access. Ensure the agent's execution environment is restricted (sandbox) and that you trust callers/automation that may invoke the skill. Broad activation keywords increase accidental invocation risk. - Incomplete review: the provided write_file.py was truncated in the package listing; review the full file to ensure there are no hidden network calls, subprocess execution, or obfuscated behavior before use. Recommendations: only run this skill in an isolated environment (sandbox) until you (1) review the full source code yourself, (2) confirm whether encryption/protection features are necessary and implemented, and (3) reconcile the metadata (author, homepage, repository). If you need genuine encrypted writing, prefer a tool that explicitly uses standard crypto libraries and documents key management policies.

Review Dimensions

Purpose & Capability: concernThe skill name and description advertise "encrypted/受保护" writing and enterprise security compatibility, yet the included code (write_file.py) uses only standard file I/O and OpenXML construction — no cryptographic or protection mechanisms are present. This is a substantive mismatch: callers expecting encryption or protected containers would be misled. Additional inconsistencies: README says .docx/.xlsx need extra deps (contradicting SKILL.md and code), and registry metadata owner IDs differ across files, suggesting careless or inconsistent packaging.
Instruction Scope: concernSKILL.md instructs the agent to run write_file.py to write arbitrary local paths and supports stdin, append/overwrite, and auto-creating directories. The instructions do not reference reading unrelated files or env vars, which is good, but they permit writing any filesystem path the agent process can access. Activation keywords are broad (e.g., "写入文件", "保存文件") which could cause the skill to be invoked for many user intents and potentially perform writes unintentionally if the agent is allowed to act autonomously. The SKILL.md also claims enterprise authorization/controls that are not enforced by the code.
Install Mechanism: okNo install specification is present (instruction-only with included code). This minimizes installer risk because nothing is fetched or executed at install time. The package includes Python code that will run when invoked, but there is no external download or archive extraction in the install step.
Credentials: okThe skill requests no environment variables, no external credentials, and declares only the Python standard library as a dependency — this is proportionate for a local file-writing utility. However, the claimed enterprise/"encrypted" capabilities are not reflected in environment or dependency requirements (i.e., lack of keys or crypto libraries), which is part of the coherence concern noted above.
Persistence & Privilege: okThe skill is not forced-always, and it does not request permanent privileges. It is user-invocable and allows model invocation (the platform default). There is no evidence it modifies other skills or system-wide settings.