Skill v1.0.0

ClawScan security

Pencil Design · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 15, 2026, 2:45 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The SKILL.md mostly matches a 'Pencil CLI' design tool, but the runtime instructions request credentials, environment variables, and network installs that are not declared in the skill metadata — review before installing or running commands.
Guidance
This skill appears to do what it says (drive the Pencil CLI), but the runtime instructions expect you to install an npm package, authenticate with Pencil (or set PENCIL_CLI_KEY), and have/authorize a Claude Code agent — none of which are declared in the registry metadata. Before installing or running any commands:
1) Inspect the npm package (@pencil.dev/cli) on npmjs.com or the package tarball and review its source and SKILL.md to make sure you trust it.
2) Prefer local install and npx usage over global npm install if you are unsure; avoid running npm install -g without review.
3) Do not paste secrets (PENCIL_CLI_KEY, Claude tokens) into prompts or env vars unless you understand where they are stored and who can access them; verify whether the CLI uploads data to a remote service.
4) If you must fetch SKILL.md from unpkg/jsDelivr, review the fetched file before copying into your agent's skills folder.
5) If possible, run first in an isolated environment/container.
6) Ask the publisher to update the skill metadata to list PENCIL_CLI_KEY and any Claude/agent credential requirements explicitly so you know what will be requested ahead of time.

Review Dimensions

Purpose & Capability
note: The skill name and description describe a CLI-driven design generator (Pencil), which aligns with instructions to run the Pencil CLI and generate .pen files. However, the registry metadata declares no required env vars/credentials while the SKILL.md explicitly references authentication (PENCIL_CLI_KEY, Pencil login/signup) and the need for a Claude Code agent — an inconsistency between claimed requirements and actual runtime needs.
Instruction Scope
concern: The SKILL.md instructs the agent to run shell commands (which is expected) and to install the Pencil CLI via npm, run 'pencil status' (which reads local Pencil config), create or log into user accounts, and use a Claude Code agent for model inference. It also recommends fetching SKILL.md from unpkg/jsDelivr and copying files into agent skill directories (e.g., ~/.cursor/skills). These steps access local config and download remote files; the doc uses env vars and authentication actions that were not declared in the skill metadata.
Install Mechanism
note: There is no formal install spec, but the document tells users to install @pencil.dev/cli from npm (global or local) and to fetch SKILL.md from unpkg/jsDelivr. npm installs from the public registry and fetching from unpkg/jsDelivr are common, but they involve running third-party code and downloading remote content; users should review the package and avoid blind global installs.
Credentials
concern: The skill metadata lists no required env vars, yet the instructions reference PENCIL_CLI_KEY and require a configured Claude Code agent (authentication via env or subscription). Requesting these credentials is plausible for a CLI that uses remote AI, but omitting them from declared requirements is a mismatch and means the agent or user may be asked to provide secrets unexpectedly.
Persistence & Privilege
ok: The skill does not request 'always: true' and is user-invocable. It instructs copying SKILL.md into user skill directories (user-level files) but does not ask to modify other skills or system-wide agent config. Autonomous invocation is allowed by default (disable-model-invocation is false), which is normal — this combines with other concerns but is not itself a new privilege escalation.