Skill v1.0.0
ClawScan security
Slides Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 28, 2026, 12:42 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill appears to do what it claims (generate branded slides) but its runtime instructions ask the agent to download-and-execute a remote script and to auto-install system packages (pip/npm), which is disproportionate and risky.
- Guidance
- This skill likely performs the claimed slide generation, but exercise caution before running it. Specific recommendations:
  - Do NOT run the curl | bash command without inspection. Instead, inspect the script text first or use the local scripts/generate_slides.sh included with the skill package.
  - Prefer running the script in an isolated environment (container or VM) or a Python virtualenv, and use npm with --location=project or --user equivalents to avoid global installs.
  - The script will automatically run pip3 install fpdf2 (no --user) and may invoke npx to pull mermaid-cli; these change your system and could run arbitrary code. Consider manually installing verified dependencies from trusted sources.
  - If you must use the remote URL, verify it points to a pinned commit or release (not just raw/master) and review the script content for unexpected network calls or command execution.
  - If you need stronger assurance, ask the skill author for a signed release, a reproducible package, or a versioned GitHub release instead of executing raw content from the web.
  - If you are not comfortable auditing shell/Python scripts, avoid running this skill on sensitive hosts.
Review Dimensions
- Purpose & Capability
  - concern: The stated purpose (markdown -> PDF slides with Mermaid support) matches the included script's functionality, but the SKILL.md declares no required binaries or env vars while instructing users to run tools that do require them (python3, fpdf2, mermaid-cli/npm). That mismatch is unexpected and reduces transparency.
- Instruction Scope
  - concern: The SKILL.md explicitly instructs executing a remote script via bash <(curl -s https://raw.githubusercontent.com/...), which downloads and executes code at runtime. The document also instructs global installs (npm -g, pip3 install) and saving temporary files. There are no instructions to verify the remote script or pin a commit hash. Apart from that, the instructions limit file access to the provided markdown and optional logo.
- Install Mechanism
  - concern: There is no formal install spec, but the runtime script will auto-install Python packages (pip3 install fpdf2) and relies on mermaid-cli (either installed or run via npx, which pulls from npm). The SKILL.md's curl | bash pattern executes code fetched from GitHub at runtime; while GitHub is a known host, downloading and executing unverified remote code is high risk. The script's auto-installation uses global installs (no --user), which can modify the system environment.
- Credentials
  - ok: The skill does not request environment variables, credentials, or config paths. The script also does not read other system credentials. This is proportionate to the stated purpose.
- Persistence & Privilege
  - note: The skill is not always-on and does not request special platform privileges. However, the script performs package installations (pip3 install, and it may invoke npm installs via npx) that can affect the host environment and may require elevated permissions. It does not persistently modify agent configuration or other skills.
