Back to skill
Skillv1.0.0
ClawScan security
cn-ascii-art · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 29, 2026, 3:19 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code and instructions match its stated purpose (ASCII art generation); it requests no credentials, makes no network calls, and the included script is small and self-contained.
- Guidance
- This skill appears safe and coherent: it prints ASCII art to stdout, uses pyfiglet if available, and falls back to a simple local algorithm if not. If you plan to install, consider: (1) installing pyfiglet via pip for better fonts (pip install pyfiglet); (2) reviewing the small script locally before use (it contains no network or file-exfiltration logic); and (3) noting Chinese character support is limited (the script warns about this). If you require stronger assurances, verify the skill's source/publisher or run it in an isolated environment before granting it broader access.
Review Dimensions
- Purpose & Capability
- okName/description match the provided files: an ASCII-art generator. No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope
- okSKILL.md instructs running the included Python script and optionally installing pyfiglet; the runtime instructions do not ask the agent to read other files, env vars, or transmit data externally.
- Install Mechanism
- okNo install spec is provided (instruction-only plus a small script). The script attempts a local import of pyfiglet but does not download or execute remote code.
- Credentials
- okNo environment variables or credentials are required. The functionality (render text to ASCII) does not need secrets or external access.
- Persistence & Privilege
- okalways is false and the skill does not modify system or other-skill configurations. It has no elevated or persistent privileges.