Skillv1.0.2

ClawScan security

Generate Mindmap · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 20, 2026, 5:29 AM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and instructions largely match its mind‑map purpose, but there are concerning implementation details (automatic pip install with flags that can affect system packages and hidden unicode control characters in the SKILL.md) that warrant caution before installing or running it.
Guidance: What to consider before installing or running this skill: - The functionality (generating interactive HTML and image/XMind exports) matches the code provided — that part appears coherent. - The included script will attempt to auto-install Pillow by invoking pip at runtime and uses the '--break-system-packages' flag in one install path; this can modify system-managed Python packages on some OSes. Prefer to manually install Pillow in an isolated environment (virtualenv/venv) rather than letting the script auto-install. - The SKILL.md contains hidden unicode control characters (prompt-injection signal). Review the SKILL.md and generate_mindmap.py source in a text editor that can show invisible characters; be cautious about any appended/hidden instructions. - Run the script in an isolated environment (non-root user, virtualenv or disposable VM/container) and inspect the full source for any network calls or subprocess invocations beyond pip before granting broader trust. - If you accept the skill, avoid running it as root. If you want to be extra safe, extract only the HTML generation parts or remove the auto-install code path before use. - If you need higher assurance, request the skill publisher/source or a signed/hosted release from a trustworthy repo; absence of a homepage/source increases uncertainty.
Findings: [unicode-control-chars] unexpected: Control/unicode-hidden characters were detected in SKILL.md. These are not needed for a mindmap generator and could be an attempt to obfuscate or manipulate agents/readers; inspect SKILL.md raw before trusting it.

Review Dimensions

Purpose & Capability: okName/description ask for generating mind maps and the package includes a Python script that produces HTML/PNG/JPG/SVG/PDF/XMind output. Requiring python3 and Pillow is reasonable and proportional to the described functionality. Writing outputs to ~/.openclaw/workspace is consistent with a user-facing exporter.
Instruction Scope: noteSKILL.md instructs the agent to run the included Python script with JSON input and to produce files (HTML/PNG/XMind) in the user's workspace — this matches purpose. However SKILL.md contains detected unicode-control-chars (potential prompt-injection/obfuscation signal) and explicitly instructs auto-installing Pillow; the doc also contains hard rules (emoji requirements) that the script enforces. No instructions request unrelated files, credentials, or external endpoints besides pip.
Install Mechanism: concernThere is no declared install spec, but the script will attempt to auto-install Pillow at runtime via subprocess calling pip. The installed pip flags include '--break-system-packages' (and output is suppressed), which can alter system-managed Python installations on some platforms — this is potentially disruptive. The install is sourced from PyPI (pip), not an arbitrary URL, but automatic runtime installation without explicit user consent is a notable risk.
Credentials: okThe skill requests no credentials or special config paths. It creates files under the user's home (~/.openclaw/workspace) which is expected. There is no evidence of access to unrelated environment variables or secrets.
Persistence & Privilege: noteSkill is user-invocable and not always-enabled. It writes output files and may create the ~/.openclaw/workspace directory — expected for an exporter. The main privilege concern is the script's ability to install Python packages at runtime (modify system/site environment), but it does not request persistent platform-level privileges or modify other skills/configs.