Skill v1.0.0
ClawScan security
knowledge-base-qa-assistant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 19, 2026, 3:04 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's declared purpose (building a private document Q&A knowledge base) matches its instructions and requested resources; it is an instruction-only skill with no surprising installs or credential requests.
- Guidance: This skill looks internally consistent, but it's instruction-only: it describes what to do without providing code or installers. Before you rely on it, confirm where uploaded documents and the vector index will actually be stored and who can access them (encryption at rest, access controls, retention policy). Verify what tooling will perform PDF/Word/PPT parsing and embeddings (local libraries versus third-party APIs). If embeddings or LLM calls go to an external provider, sensitive content could be sent off-host; make sure that matches your privacy requirements. Finally, never paste production secrets into chat; the OAuth client_id/client_secret example is illustrative and should not be supplied unless you intentionally integrate the skill with an OAuth provider.
Review Dimensions
- Purpose & Capability (ok): The name/description match the SKILL.md instructions: upload documents, chunk text, build a vector index, and answer questions with citations. The described file storage layout and commands are coherent with a document-QA assistant. There are no unrelated environment variables, binaries, or config paths requested.
- Instruction Scope (note): SKILL.md stays within the knowledge-base / RAG scope: it describes upload, chunking, indexing, retrieval, and answer generation. It references storing files under a local knowledge_base/ tree and shows an OAuth example in a code snippet (illustrative). It does not instruct reading unrelated system files or exfiltrating data. Note: the skill assumes the environment can parse PDFs, Word, Excel, PPT, etc., and perform embeddings/vector search; those implementation details are not specified here.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no code files, so nothing will be written to disk by the skill itself during installation. That minimizes install-time risk.
- Credentials (ok): No environment variables, credentials, or config paths are requested. Example snippets mention client_id/client_secret in a generic OAuth example, but the skill does not require those values itself, so there is no disproportionate credential request.
- Persistence & Privilege (ok): always is false and the skill is user-invocable; it does not request permanent/high privilege or attempt to modify other skills or system-wide configuration. Autonomous invocation is allowed (default) but not combined with other red flags.
