Cn Text Encoding Detector
PassAudited by ClawScan on May 14, 2026.
Overview
This looks benign: it runs a small local Python script to inspect a chosen file’s encoding, with no visible network, credential, persistence, or hidden behavior.
This skill appears safe for ordinary use as a local encoding checker. Only run it on files you intend to inspect, and do not grant API keys or credentials because the reviewed artifacts do not need them.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If pointed at a sensitive or very large file, the script will read it locally and report its path and size.
The tool can read any local file path supplied by the invoking user or agent. This is necessary for encoding detection and the script does not print or transmit file contents, but it should be used only on intended files.
parser.add_argument("--file", required=True) ... with open(filepath, "rb") as f: data = f.read(10000) ... size = len(f.read())Run it only with explicit file paths you want inspected, and avoid using it on sensitive or huge files unless needed.
A user may be confused if the platform presents this skill as needing credentials, even though the reviewed artifacts do not show any need for them.
The supplied capability signal implies sensitive credentials, but the declared requirements and included source do not request or use credentials. This appears to be an unsupported metadata/signal mismatch rather than actual credential handling.
Capability signals: requires-sensitive-credentials; Required env vars: none; Primary credential: none
Do not provide credentials for this skill unless a future version clearly explains and justifies why they are needed.