Blind Review Sanitizer
Advisory
Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with the wrong path, the agent could process or overwrite the wrong local document.
The skill is allowed to read, write, edit, search files, and use Bash. This is expected for a local document sanitizer, but it means file paths and command use should be deliberate.
allowed-tools: [Read, Write, Bash, Edit, Grep]
Use explicit input and output paths, keep an unchanged backup of the manuscript, and review the sanitized output before submission.
Installing dependencies without pinning may produce inconsistent behavior or pull a package version the user did not review.
The dependency is not version-pinned. It appears related to the advertised DOCX support, but unpinned packages can resolve to different versions over time.
docx
Install DOCX support from a trusted source and pin the intended package/version, such as a reviewed python-docx release, before using the skill on important documents.
Audit or removal records could reveal author identity if shared with reviewers or included in a submission package.
The sanitizer records original removed values, such as emails, in its removed-items list for audit purposes. This is useful but may retain identifiers that the sanitized manuscript is meant to hide.
self.removed_items.append(f"Email: {match.group()}")
Keep audit logs private, review them before sharing any files, and delete or redact logs once verification is complete.
