Skill v1.0.0
ClawScan security
Extracts structured data from emails · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 27, 2026, 9:26 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This is an instruction-only mail-parsing skill whose requested inputs and behavior match its description and which does not ask for extra credentials or install code.
- Guidance: This skill is internally consistent and low-risk from an installation/privilege perspective because it is instruction-only and asks for no credentials. Before using it on real data, test with sanitized example emails to verify the parser's behavior (company extraction rule, handling of multiple contacts or codes). Avoid submitting highly sensitive or regulated email contents (passwords, financial account numbers, personal health information) to any third-party skill unless you control where outputs/logs are stored. If you need stronger guarantees, request a version that documents exact parsing rules, edge-case behavior, and data retention (or run the parsing locally in controlled software).
Review Dimensions
- Purpose & Capability (ok): The name/description match the SKILL.md instructions: extract structured fields from email text. The skill requests no binaries, credentials, or config paths that would be unrelated to parsing emails.
- Instruction Scope (note): Instructions are narrow (take email text, return the specified JSON). However, some extraction rules are under-specified (e.g., how to choose contact_person when multiple names exist, handling multiple discount codes, or ambiguous 'company = domain between @ and first dot'). These are functional/accuracy issues rather than security concerns, but they could cause incorrect or overly broad extraction of personal data.
- Install Mechanism (ok): No install spec or code files — instruction-only — so nothing is written to disk or downloaded at install time.
- Credentials (ok): The skill declares no environment variables, credentials, or config paths. There is nothing requesting unrelated secrets or access.
- Persistence & Privilege (ok): always is false and autonomous invocation is the platform default; nothing else in the skill requests permanent presence or elevated privileges.
