Skillv0.4.0

ClawScan security

plsreadme · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewFeb 12, 2026, 2:20 PM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill's behavior (reading local markdown and publishing it as a public link) matches its description, but it recommends running an npx package or sending content to https://plsreadme.com — both are external code/endpoints from an unknown source, so verify before using.
Guidance: This skill does what it promises (publish markdown as public links) but exercise caution before installing or running it: - Verify the service and npm package: there is no homepage or repo in the skill metadata, and the README suggests running 'npx -y plsreadme-mcp' (npx will download and execute code from the npm registry). Inspect the package/source on npm or GitHub before running npx. - Prefer the remote MCP URL only if you trust plsreadme.com; understand that uploaded content becomes a permanent public URL. - Confirm with users before uploading any files or pasted text that may contain secrets or private information. - If you must use npx, consider running it in a restricted environment or inspecting the package contents first rather than using '-y' to auto-accept. If you can obtain the package repository or a verified homepage for plsreadme, re-run evaluation — that evidence would raise confidence and could change the verdict to benign.

Review Dimensions

Purpose & Capability: okName/description align with the runtime instructions: the skill reads markdown (or accepts text) and publishes a public link via plsreadme.com. No unrelated credentials, binaries, or paths are requested.
Instruction Scope: noteSKILL.md explicitly instructs the agent to read local .md files and upload them to the plsreadme service (or accept text). That is consistent with the purpose, but it involves reading arbitrary files and transmitting their contents to an external, public endpoint — so the agent must confirm with the user before sharing sensitive content (the doc even notes links are public).
Install Mechanism: concernThere is no formal install spec, but the README recommends 'npx -y plsreadme-mcp' which will fetch and execute code from the npm registry at runtime. npx executes remote packages (supply-chain risk). The alternative is a remote MCP URL (https://plsreadme.com/mcp), which means content and metadata will be sent to that external service. No homepage, repository, or package provenance is provided to validate the npm package or remote endpoint.
Credentials: okThe skill requests no environment variables, credentials, or config paths. That is proportionate to its stated task. However, the effective capability (read local files + upload to public site) can expose sensitive data if used without caution.
Persistence & Privilege: okThe skill does not request always:true or any elevated/persistent platform privileges. It's user-invocable and can be invoked autonomously per platform default, which increases impact if combined with external execution, but autonomy alone is not a new risk here.