Skill v1.0.0

ClawScan security

Data Extractor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 16, 2026, 4:27 PM
Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's instructions and requirements are coherent with its stated purpose (parsing and cleaning messy data). It requests no credentials or installs, but it includes naive parsing heuristics and file I/O patterns that you should review before running it on sensitive data.
Guidance
This skill appears to do what it says: example Python code for extracting and cleaning messy data. Before using it, keep in mind:
1) the snippets read files by path—only give it files you intend to expose (avoid system or sensitive files);
2) the regex-based fixes are heuristic and can corrupt or misinterpret input (test on non-sensitive samples first);
3) some regex patterns can be slow or brittle on adversarial inputs—limit file size and runtime or use streaming libraries (ijson, csv with proper dialect detection) for large/hostile inputs;
4) because it's instruction-only, the agent will try to run code in whatever runtime is available—confirm the execution environment and sandboxing and avoid granting elevated filesystem access; and
5) if you need production-grade parsing, consider using well-maintained parsing libraries rather than raw regex fixes.
If you want extra assurance, request a version that includes robust error handling, explicit file-path validation, and limits on input size/timeouts.

Review Dimensions

Purpose & Capability
ok: Name and description match the SKILL.md: it provides Python snippets and patterns for extracting JSON, CSV, logs, key-value pairs, streaming large files, and cleaning data. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
note: The instructions are narrowly focused on parsing/cleaning data and include functions that read files (stream_jsonl, stream_csv) and perform regex-based fixes. This is expected for a data-extraction skill, but the snippets assume access to arbitrary file paths provided at runtime and use brittle regex substitutions that can mis-parse or mutate input. There are no instructions to access system-wide config, credentials, or unexpected external endpoints.
Install Mechanism
ok: Instruction-only skill with no install spec and no bundled code—nothing is written to disk by the skill itself. This is the lowest-risk install posture.
Credentials
ok: The skill requests no environment variables or credentials. All operations use local I/O and standard Python libraries in the examples; the required privileges are proportionate to the stated purpose.
Persistence & Privilege
ok: always is false and model invocation is allowed (the platform default). The skill does not request persistent presence, nor does it instruct modification of other skills or system-wide agent settings.