Skill v1.0.0
ClawScan security
article-taster · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 9, 2026, 3:36 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and requirements are consistent with its stated purpose of analyzing articles and detecting AI-like writing; it does not request unrelated credentials or external installs, but it is shipped as executable Python code so review and sandboxing are recommended before running.
- Guidance: This skill appears internally coherent for the stated purpose (article quality scoring and AI-detection) and contains only local Python code and configuration. However, because the package includes executable Python scripts, treat it like any third‑party code before running: 1) review the source (you have it) for any hidden network calls or unexpected file/system access; 2) install and run it in an isolated environment (virtualenv, container, or sandbox) and avoid running it on systems with sensitive data; 3) do not feed highly sensitive documents into the tool until you are comfortable with its behavior; 4) install dependencies (requirements.txt) only in the sandbox; 5) be aware the AI-detection is heuristic-based and can misclassify content (the code even includes exemption rules for poetry/classics). If you need higher assurance, run static analysis tools or have a developer audit the code for any subtle data exfiltration or OS-level operations before using it on production machines.
Review Dimensions
- Purpose & Capability (ok): Name/description (article analysis and AI-detection) match the included files: classifier, analyzers, ai_detector, scorer, and report generator. Declared requirements (none) and actual artifacts (Python scripts + requirements.txt listing jieba, scikit-learn, numpy) are appropriate for text analysis in Chinese. No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope (ok): SKILL.md and main.py describe only reading article text (from --text, a file, or a directory) and running local analyses. The runtime instructions do not direct the agent to read system credentials, network endpoints, or unrelated files. The logic focuses on text statistics, pattern matching, and heuristic scoring; there is no instruction to transmit data externally.
- Install Mechanism (note): There is no install spec in the registry (instruction-only from the platform's perspective), which reduces automated install risk. However, the bundle includes runnable Python code and requirements.txt (jieba, scikit-learn, numpy). That means a user/agent executing the skill will likely need to install Python dependencies before running. Lack of an explicit install script is not malicious but means the operator must manually install dependencies (preferably inside an isolated virtualenv/container).
- Credentials (ok): The skill requests no environment variables, no credentials, and no config paths. The code does not reference external secrets or cloud APIs. All environment access is limited to local file reads (user-supplied article files) and typical Python runtime usage.
- Persistence & Privilege (ok): Skill flags are default (always:false, user-invocable:true, model-invocation enabled). The skill does not request permanent platform-wide privileges or attempt to modify other skills' configuration. It will execute only when invoked by the agent/user.
