Skill v1.0.0

ClawScan security

PRD Visualization Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 9, 2026, 9:31 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill largely matches its stated purpose (D3-based PRD/hierarchy visualizer) and ships the expected HTML and D3 assets, but there are a few inconsistencies and a prompt‑injection indicator in SKILL.md that merit caution before installing or allowing autonomous use.
Guidance
This skill appears to implement a local D3-based PRD/hierarchy visualizer and includes the HTML and D3 library, but proceed with caution. Before installing or allowing autonomous use:
1) Manually inspect SKILL.md and the included files (hierarchy-visualizer.html, the JSON sample, and d3.min.js) for any unexpected code, network calls, or base64/obfuscated blocks (the scanner flagged a base64-block).
2) Confirm where the agent would read and write files—give explicit file paths and consent before the agent reads PRD files or writes requirements-hierarchy.json to your project to avoid accidental overwrites.
3) Run the visualizer in an isolated environment or local sandbox and verify the HTML does not call external endpoints.
4) If you want autonomous invocation, restrict its scope (require explicit user confirmation before file I/O or starting servers).
If you are not comfortable reviewing the files, do not enable autonomous use and ask the skill author for clarification about the flagged content and the asset path mismatch.
Findings
[base64-block] unexpected: A 'base64-block' pattern was detected in SKILL.md content by the static pre-scan. Obfuscated or base64-encoded blocks are not expected for a simple visualization skill and should be inspected manually to ensure there is no hidden payload or prompt injection text inside the SKILL.md or other files.

Review Dimensions

Purpose & Capability
note: Name/description match the included files: an HTML visualizer, a D3 library, and a sample JSON. The assets are proportionate to the described functionality. Minor inconsistency: the SKILL.md copy commands reference top-level filenames (e.g., hierarchy-visualizer.html, d3.min.js) while the manifest puts them under an assets/ directory, which could cause confusion or accidental file overwrite if the agent runs the commands as-is.
Instruction Scope
concern: Runtime instructions tell the agent to find and read a user's PRD file, convert arbitrary Markdown/text to hierarchical JSON (including inferring statuses), write JSON into the user's project, copy files into a user project folder, and start a local HTTP server. Reading and writing user files and starting services is reasonably within the skill's purpose when the user explicitly requests visualization, but the instructions are open‑ended (no explicit limits on which files to read, no explicit user-confirmation step) and could cause unwanted file writes/overwrites or unauthorized access to unrelated files. Additionally, a pre-scan flag detected a 'base64-block' pattern in SKILL.md, which suggests the README/instructions may contain obfuscated content or an attempt to manipulate the agent; this should be inspected manually.
Install Mechanism
ok: No install spec (instruction-only) and included code files are local assets. There are no remote downloads or archive extraction steps. This is low-risk from an installation mechanism perspective.
Credentials
ok: The skill requests no environment variables, credentials, or config paths. That is proportionate to a client-side visualization tool.
Persistence & Privilege
ok: always is false and the skill does not request system-wide changes or persistent elevation. It will not be force-included and does not declare privileged persistence.