Skill v1.0.0

ClawScan security

Html Report Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 23, 2026, 2:21 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's purpose (generate a visual HTML report) matches its instructions, but the runtime steps reference an undeclared deployment command and assume filesystem/deploy permissions without explaining required tools or credentials.
Guidance
This skill appears to genuinely generate HTML report pages, but take care before installing or running it: the instructions call a generic 'deploy' command and write files to /workspace, yet the skill declares no deploy tool, no install steps, and no credentials. Ask the publisher (or inspect the runtime environment) which 'deploy' utility will run, where it will host the report, and whether any hosting/service credentials are required or will be used; any of these could cause your data to be uploaded externally. If you plan to run it on sensitive data, test the skill in an isolated workspace and verify what the 'deploy' implementation does (or replace the deploy step with a controlled upload you understand).

Review Dimensions

Purpose & Capability
note: Name/description (HTML report generator) matches the SKILL.md: it parses user data, generates HTML components and a full template. However, the skill's claimed capability includes '直接部署链接' (roughly, 'direct deployment link') while no deployment tool, service, or credentials are declared. The use of a generic 'deploy' command is not justified by the metadata.
Instruction Scope
note: Instructions are mostly scoped to parsing user data, composing HTML, writing a file to /workspace/{project}/index.html and running 'deploy --dist_dir ...'. They do not ask to read unrelated system files or environment variables. But the deployment step is vague about destination and may cause the agent to send user data externally depending on the platform's 'deploy' implementation; the SKILL.md does not specify or constrain that behavior.
Install Mechanism
ok: Instruction-only skill with no install spec or code files, which is the lowest installation risk. Nothing is downloaded or written at install time.
Credentials
concern: The skill declares no required environment variables or credentials, yet it instructs a deploy step that in practice typically requires service credentials (cloud or hosting). There is a mismatch: either the environment/platform must provide an implicit 'deploy' helper (with its own permissions), or the skill expects unstated credentials. This is disproportionate or, at best, unclear.
Persistence & Privilege
ok: The skill is not always-enabled and does not request persistent privileges or modify other skills. Autonomous invocation is allowed (platform default), but that alone is not a problem here.