v7.3.2

Integrated Manufacturing Consulting

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:18 PM.

Analysis

The skill mostly fits a consulting-report generator, but it also describes automatic triggering, self-evolution, local skill scanning, and persistent logs that users should review carefully.

Guidance

Install only if you want an attachment-driven consulting report generator. Before using it with confidential client materials, require explicit invocation, disable or constrain self-evolution and local skill scanning, sanitize any web-search enrichment, and verify the local Python dependencies.

Findings (7)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
When the user uploads any content, automatically trigger this skill to generate a professional report.

This tells the agent to invoke the skill for any upload, not only when the user asks for a consulting report, creating an overbroad trigger.

User impact: Unrelated or sensitive attachments could be pulled into this report-generation workflow unexpectedly.
Recommendation: Limit invocation to explicit user requests or clearly relevant trigger phrases, and require confirmation before processing uploaded files.

Rogue Agents
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
Scan ~/.workbuddy/skills/ daily to discover new skills ... automatically update the skill ecosystem matrix ... write to the evolution log after each execution

The skill describes recurring autonomous scanning, automatic updates, and activity after each execution, which extend beyond a single user-directed report task.

User impact: The skill may keep operating or adapting based on the local skill environment rather than only producing the requested report.
Recommendation: Disable self-evolution by default; make any skill scanning or ecosystem update opt-in, bounded to a specific path, and reviewable by the user.

Unexpected Code Execution
Severity: Low; Confidence: High; Status: Note
references/extract_content.py
subprocess.run(["markitdown", file_path], capture_output=True, text=True, timeout=120)

The helper runs a local document-conversion command on user-supplied files; this is central to document extraction but is still local command execution.

User impact: Processing untrusted documents through local converters can expose local tooling to malformed files.
Recommendation: Run document extraction only on files the user intends to process and keep conversion tools updated.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: High; Status: Note
SKILL.md
compatibility: Requires Python 3.9+, pip, python-pptx, lxml, python-docx, reportlab.

The skill documents package/runtime dependencies while the registry requirements and install spec declare none, creating an under-declared setup/provenance gap.

User impact: Users may not realize extra local packages or tools are needed before helper scripts work.
Recommendation: Declare required binaries/packages in metadata or provide a pinned, reviewable install specification.

Human-Agent Trust Exploitation
Severity: Low; Confidence: High; Status: Note
SKILL.md
AI-flavor-removal polishing — integrates humanizer-zh to remove AI traces

The wording encourages removing visible AI traces rather than simply improving readability, which may affect how recipients judge authorship.

User impact: Client recipients could over-trust the report if AI assistance is intentionally obscured.
Recommendation: Use transparency-friendly wording and disclose AI-assisted drafting where appropriate.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
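Track layout pattern usage frequency...record errors and fixes from each execution...write to the evolution log after each execution, for later reference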

The artifact describes persistent execution-derived records reused later, without clear boundaries on what is stored, retained, or trusted.

User impact: Information from one client report task, including errors or usage context, could influence later tasks if logged and reused too broadly.
Recommendation: Store only minimal non-sensitive telemetry, exclude client content by default, document retention, and require user approval before reusing logs as context.

Insecure Inter-Agent Communication
Severity: Low; Confidence: Medium; Status: Note
references/deep_research.py
identify_research_needs(extracted_text) ... Depends on: WebSearch + WebFetch toolchain

The research helper builds research needs from extracted document text and expects WebSearch/WebFetch integration; this is purpose-aligned but involves external provider/tool flows.

User impact: Search queries derived from uploaded client material could reveal project topics or identifiers if not sanitized.
Recommendation: Use generic search queries, strip client names and confidential details, and ask before sending any document-derived terms to external search providers.