Skill v1.0.0

ClawScan security

Academic Reader (Holli) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 30, 2026, 7:28 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's content and prompts match its stated purpose (an academic reading assistant), but there are coherence issues — notably a declared node binary requirement despite no code, and a recommendation to use the Claude API without any declared credentials or install steps — that warrant caution before installing.
Guidance
This skill appears to be a prompt-driven academic reader and largely does what it says, but there are inconsistencies you should clarify before installing: (1) Ask the author why 'node' is listed as a required binary when there is no Node code or install script — if none is needed, remove the requirement. (2) Confirm how Claude API access is provided: does the platform supply the model/key, or will you need to supply an API key (and where)? The skill currently declares no env vars for credentials. (3) Prefer skills with a public repository/homepage you can inspect; the SKILL.md metadata points to a GitHub URL but 'Source' is unknown — verify that URL and review remote code/history. (4) Because this is instruction-only, it cannot install code on your machine, reducing some risk, but do not provide any unrelated credentials until you understand why they're needed. If the author cannot justify the node requirement or model/credential handling, treat the skill as untrusted.
Findings
[no_code_files_for_node_requirement] unexpected: Static scanner found no code files to justify the declared 'node' binary requirement. For an instruction-only skill, a node requirement is unexpected.
[no_regex_findings_instruction_only] expected: Regex-based scanner had nothing to analyze because the skill is instruction-only; absence of findings is not proof of safety.
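The two findings above are coherence checks: a declared binary that nothing in the package uses, and a scanner pass that had no code to analyze. The script below is an added illustration of how such checks can be expressed, written for this page and not ClawHub's own scanner; the manifest shape (`Skill` fields), the binary-to-evidence table, the credential-hint phrases and the `undeclared_model_credentials` tag are assumptions, while the other two tags mirror the report. It also checks the Credentials concern raised further down (model API mentioned, no env vars declared), so it goes beyond the two listed findings.

```python
"""Manifest coherence checks of the kind reported above.

Constructed for illustration: the Skill fields, the evidence table and
the finding names are assumptions, not ClawHub's real schema or scanner.
"""
import re
from dataclasses import dataclass


# Files that would justify a declared binary (assumed mapping; a real
# scanner would carry a much larger table).
BINARY_EVIDENCE = {
    "node": {".js", ".mjs", ".cjs", ".ts", "package.json"},
    "python": {".py", "requirements.txt", "pyproject.toml"},
    "bash": {".sh"},
}

# Phrases in instruction text that imply a model/credential dependency.
CREDENTIAL_HINTS = re.compile(
    r"\b(claude api|anthropic|openai|api key|access token)\b", re.IGNORECASE
)


@dataclass
class Finding:
    tag: str
    severity: str   # "unexpected" or "expected", as in the report
    detail: str


@dataclass
class Skill:
    files: list          # paths inside the package
    required_bins: list  # binaries the manifest declares as required
    declared_env: list   # env vars the manifest says it needs
    install_spec: bool   # whether an install step is declared
    instructions: str    # SKILL.md body plus prompt text


def _ext(path):
    name = path.rsplit("/", 1)[-1]
    dot = name.rfind(".")
    return name, (name[dot:] if dot != -1 else "")


def is_code_file(path):
    """True if the path has an extension any entry in BINARY_EVIDENCE treats as code."""
    _, ext = _ext(path)
    return ext != "" and any(ext in markers for markers in BINARY_EVIDENCE.values())


def _has_evidence(files, binary):
    markers = BINARY_EVIDENCE.get(binary, set())
    return any(name in markers or ext in markers for name, ext in map(_ext, files))


def check_skill(skill):
    """Return the coherence findings for one skill, in a fixed order."""
    findings = []
    # 1. Every required binary must be backed by code or an install step.
    for binary in skill.required_bins:
        if not skill.install_spec and not _has_evidence(skill.files, binary):
            findings.append(Finding(
                f"no_code_files_for_{binary}_requirement", "unexpected",
                f"'{binary}' is required but no code or install step uses it"))
    # 2. Instructions that lean on a model API should declare credentials.
    if CREDENTIAL_HINTS.search(skill.instructions) and not skill.declared_env:
        findings.append(Finding(
            "undeclared_model_credentials", "unexpected",
            "instructions reference a model API but no env vars are declared"))
    # 3. No code means the regex pass ran on nothing; record that explicitly.
    if not any(is_code_file(p) for p in skill.files):
        findings.append(Finding(
            "no_regex_findings_instruction_only", "expected",
            "no code to scan; absence of findings is not proof of safety"))
    return findings


def example_skill():
    """Constructed package mirroring the report: prompts only, 'node' declared."""
    return Skill(
        files=["SKILL.md", "README.md", "prompts/chapter.md", "config.json"],
        required_bins=["node"], declared_env=[], install_spec=False,
        instructions="Use the Claude API (Sonnet) to analyze each chapter.")


def coherent_skill():
    """Constructed counterpart where every declaration is justified."""
    return Skill(
        files=["SKILL.md", "index.js", "package.json"],
        required_bins=["node"], declared_env=["ANTHROPIC_API_KEY"],
        install_spec=False,
        instructions="Runs index.js, which calls the Claude API.")


if __name__ == "__main__":
    for f in check_skill(example_skill()):
        print(f"[{f.tag}] {f.severity}: {f.detail}")
```

Run against the constructed `example_skill()` the checker reproduces the two findings listed in this report plus the undeclared-credentials concern; `coherent_skill()` produces none, which is the shape the author would need the package to have before the 'node' requirement stops looking disproportionate.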

Review Dimensions

Purpose & Capability
concern: The name, description, prompts, and config all describe a prompt-driven reading assistant, which fits. However, the metadata declares a required binary 'node' even though the package contains no code files or install script; requiring node is disproportionate for a purely instruction/prompt-based skill.
Instruction Scope
note: SKILL.md and the prompts stay within the described purpose (chapter analysis, reflection, plans). They reference use of the Claude API for analysis, which is expected for model-backed skills, but the instructions do not specify how API access is provided or which env vars are needed. There are no instructions to read unexpected files or exfiltrate data.
Install Mechanism
ok: No install spec and no downloadable code are present (instruction-only), which minimizes installation risk. The README mentions 'clawhub install' but there is no underlying install script, a minor inconsistency rather than a high install risk.
Credentials
concern: The skill recommends access to the Claude API (Sonnet) and names a recommended model in config, yet declares no required env vars or primary credential. Requiring the 'node' binary with no Node code is also disproportionate. It is unclear where credentials are expected to be supplied (platform-managed model config vs. env vars).
Persistence & Privilege
ok: 'always' is false, no config paths or persistent hooks are requested, and the skill does not request system-wide changes. Autonomous invocation is allowed (platform default) but is not combined with other elevation requests.