Skill v0.1.1
ClawScan security
Library of Babel · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Apr 8, 2026, 1:18 AM
- Verdict: Review
- Confidence: high
- Model: gpt-5-mini
- Summary: The code implements the Library-of-Babel math engine that matches the stated functionality, but the documentation contains small contradictions (claims of “no storage” and “no randomness”) and the packaged demos persist to a local codex.json file — inconsistencies you should understand before installing.
- Guidance: The package appears to implement exactly what it claims (a deterministic Library-of-Babel engine) and has no network calls or secret requirements — that is good. Two small but important caveats: (1) despite the README's blanket statement of “No storage,” the demo function add_to_codex() will append user-provided entries to codex.json in the skill folder (it persists data locally); (2) despite saying “No randomness,” the demo entropy heatmap uses a PRNG to pick demo coordinates (the core page-generation math remains deterministic). If you plan to install/run this skill: run it in a sandbox or inspect/backup codex.json first, avoid running it with elevated privileges, and be comfortable that the skill will write to its local codex.json file. If you need the skill to be read-only, do not call add_to_codex() or make codex.json immutable. Finally, the package source and homepage are unknown — if provenance is important, try to verify the author or obtain the code from a trusted source before trusting it in production.
Review Dimensions
- Purpose & Capability (note): The name/description (find addresses, read pages, compute entropy) align with the included Python code (babel_core.py, demo.py). However SKILL.md repeatedly claims “No database. No storage. No randomness,” while the package provides demo code that (a) uses random.Random to pick demo coordinates and (b) includes add_to_codex() which writes user entries to codex.json. These behaviors are reasonable for demos but contradict the 'no storage/no randomness' claim in the README.
- Instruction Scope (ok): The runtime instructions and code operate only on local files and pure-Python math operations: they read/write codex.json and call deterministic hash functions. The skill does not reference environment variables, network endpoints, or system paths outside its own directory. The only file write is codex.json via add_to_codex(), which is within the advertised codex feature.
- Install Mechanism (ok): No install spec and no external downloads; this is an instruction + source bundle that relies only on the Python standard library (hashlib, json, etc.). No network fetch or archive extraction is present.
- Credentials (ok): The skill requests no environment variables or external credentials. All required resources are local files included in the bundle (codex.json). No unexpected secrets or unrelated credentials are requested.
- Persistence & Privilege (note): always:false and the skill doesn't request elevated/system-wide privileges. It does persist user additions to codex.json in its directory (add_to_codex writes JSON). This is limited in scope, but it does change local disk state — users should be aware of this persistent write.
