Skillv1.0.2

ClawScan security

Docling · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 12, 2026, 4:18 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill is internally consistent with a CLI-based document extraction helper that calls a local `docling` binary; it asks for no secrets or persistent privileges, but you should only install/run the underlying `docling` CLI from a trusted source and avoid risky flags that can send data externally.
Guidance: This skill is an instruction-only wrapper around a local `docling` CLI. Before installing or using it: (1) install the `docling` CLI from a trusted source (e.g., the official project or PyPI) and verify package integrity, (2) avoid using the flagged options `--enable-remote-services` and `--allow-external-plugins` unless you trust the remote endpoints and plugins (they can send your document data off-host), (3) prefer writing outputs to a controlled temporary directory and remove outputs after use, (4) don't pass custom headers or other untrusted inputs that might be used to redirect requests or leak data, and (5) be cautious when processing sensitive documents—OCR and model enrichments may send content to model backends if you enable remote services. The skill metadata mismatch about required binaries (registry vs SKILL.md) and the lack of an official source/homepage lowers confidence; if you need higher assurance, ask the publisher for the authoritative project URL or a signed release before proceeding.

Review Dimensions

Purpose & Capability: okThe name/description promise (extract/parse web pages, PDFs, images via a CLI with optional GPU) matches the runtime instructions which show command-line usage of a local `docling` tool. One minor inconsistency: the registry metadata in the provided summary lists no required binaries, but SKILL.md metadata and the instructions explicitly require the `docling` CLI to be installed (e.g., via `pipx`). This is plausibly a metadata sync issue and not a functional mismatch.
Instruction Scope: okSKILL.md only instructs the agent to run `docling` against URLs or local files, read output files, and clean up. It does not ask the agent to read unrelated system files or environment variables. The doc explicitly warns about risky flags (`--enable-remote-services`, `--allow-external-plugins`, custom `--headers`) which, if used, could exfiltrate data—those flags are part of the CLI but are cautioned against in the instructions.
Install Mechanism: okThere is no install spec in the skill bundle (instruction-only). The SKILL.md advises installing `docling` via `pipx`, which is a reasonable, low-risk installation path; nothing in the bundle tries to download or run arbitrary code itself.
Credentials: okThe skill declares no required environment variables, no credentials, and no config paths. That fits a local CLI wrapper which relies on an installed binary. This is proportionate to the stated purpose.
Persistence & Privilege: okThe skill does not request always-on presence, does not modify other skills or system-wide settings, and allows autonomous invocation (default) which is normal. No elevated persistence or privilege is requested by the skill itself.