Skill v1.0.0

ClawScan security

test · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 11, 2026, 2:33 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's description claims Python/Claude-based analysis of AIME logs, but the SKILL.md instructs running local scripts and reading arbitrary Excel files while the package provides no code or install steps — this mismatch is concerning and needs clarification before use.
Guidance
This package is an instruction template describing Python scripts that are not included. Before installing or invoking it: (1) Do not hand over raw Excel files with real user data until you confirm where analysis runs and who can see the data — consider anonymizing or sampling logs. (2) Ask the publisher for the actual scripts (scripts/analyze_user.py, user_data_extractor, etc.) or provide your own vetted implementation; do not run unknown local scripts. (3) Verify dependencies and runtime (what is 'Claude Code' in your environment?) and confirm whether any data will be sent to external services. (4) If you cannot obtain the code/source or a trustworthy provenance, treat this skill as unsafe to run with production or sensitive data.

Review Dimensions

Purpose & Capability
concern
The stated purpose (analyzing AIME user logs) is plausible and matches the inputs described (Excel logs, user ID, date range). However, the SKILL.md repeatedly references local Python scripts (e.g., scripts/analyze_user.py, scripts.user_data_extractor) and a runtime architecture (Python + Claude Code) that are not present in the skill bundle. That is an incoherence: a skill that tells the agent to run scripts it doesn't supply or declare how to install.
Instruction Scope
concern
The instructions direct the agent to read arbitrary Excel files from user-provided filesystem paths and to extract full user query text (including non-Chinese text to be translated). This is expected for a log-analysis tool, but the SKILL.md also asserts 'Claude Code will automatically read Excel file' without specifying execution boundaries. The guidance grants broad discretion to access local files and produce verbatim user queries (potentially sensitive/PII). Additionally, the instructions are prescriptive about producing full lists of user questions and translations, which increases data-exposure risk.
Install Mechanism
note
There is no install spec (instruction-only). That is lower-risk in general, but here it amplifies the problem: the document assumes local Python scripts and tooling exist (and suggests using Pandoc, generating .docx, etc.) yet provides no installation, dependency list, or guidance for where the code comes from. An operator would need to supply/verify the referenced scripts; otherwise the instructions are unusable or could encourage executing arbitrary local commands.
Credentials
note
The skill requests no environment variables or credentials, which is proportionate. However, it requires direct access to local Excel files that may contain sensitive personal data or trading logs. The SKILL.md does not ask for or declare any data minimization or anonymization steps, nor does it constrain what gets transmitted to external analysis endpoints (e.g., where 'Claude Code' runs), so data-handling expectations are underspecified.
Persistence & Privilege
ok
The skill does not request persistent or elevated privileges (always: false), and there is no install that writes files or modifies other skills. No evidence it tries to become always-on or alter agent configuration.