Skill v1.3.0

ClawScan security

Geo Poison Detector · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 18, 2026, 3:47 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and resource files are coherent with its stated purpose (detecting GEO/soft-ad poisoning) and do not request unrelated credentials, installs, or system access.
Guidance
This skill appears internally consistent: it bundles a harmless Python helper that builds public verification URLs and a list of pseudo‑tech buzzwords; the runbook tells the agent to fetch pages (web_fetch) and run local checks. Before installing, consider: (1) If you enable the skill's auto‑trigger mode, the agent may fetch user-provided URLs — ensure that outbound web_fetch behavior and privacy policies are acceptable in your environment. (2) The detection is heuristic and may yield false positives/negatives; treat results as investigative help, not definitive proof. (3) If you want to be extra cautious, keep the skill user‑invocable only (disable autonomous triggers) and review and execute the scripts in an isolated environment — the bundled script itself does not perform network calls or exfiltrate data. Overall, no unexplained credential or install requests were found.

Review Dimensions

Purpose & Capability
ok: Name, description, and included artifacts (pseudo-tech term list + Python verifier) align with a product/soft-ad poisoning detector. No unrelated secrets, binaries, or platform SDKs are required.
Instruction Scope
note: SKILL.md directs the agent to scan text with the included term list, run the bundled scripts/verify_product.py, and (optionally) fetch web pages via web_fetch. All referenced files are present and used for the stated checks. Note: web_fetch will retrieve arbitrary pages supplied by users — this is expected for URL analysis but has privacy/CSF implications (see guidance).
Install Mechanism
ok: No install spec; instruction-only with one small Python script and a reference file. No external downloads, package installs, or extract steps are present.
Credentials
ok: The skill requires no environment variables, credentials, or privileged config paths. The Python script constructs public search URLs and prints checklists; it does not access secrets or perform network requests itself.
Persistence & Privilege
ok: always is false and there is no request for permanent/privileged presence or modification of other skills or system settings. Autonomous invocation is allowed (platform default) but not combined with other red flags.