Skillv0.1.1

ClawScan security

3dgs Paper Reader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 30, 2026, 10:46 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is an instruction-only paper-reading assistant for 3D Gaussian Splatting papers; its declared behavior, required resources, and instructions are internally consistent and proportional to its stated purpose.
Guidance: This skill is coherent for reading arXiv papers or local PDFs and does not request credentials or install code. Before using: (1) Only supply local PDFs you are comfortable sharing—the skill's instructions explicitly allow reading local file paths. (2) Verify any numeric results or tables the skill extracts against the original PDF (SKILL.md instructs not to fabricate, but automated extraction can make mistakes). (3) Be aware the skill may fetch content from arXiv.org when given an arXiv ID or URL. If you need stricter guarantees, avoid providing sensitive local documents and manually verify key metrics and claims reported by the skill.
Findings: [instruction-only_no_code_files] expected: The repository contains only SKILL.md with runtime instructions and no code files; this is expected for a purely instruction-driven paper-reading skill. [external_link_github_star] unexpected: SKILL.md includes a request to star a GitHub repo. Harmless but not required for functionality; not harmful but not essential to core purpose.

Purpose & Capability: okName/description (3DGS paper reader) match the SKILL.md: instructions focus on fetching arXiv papers or reading local PDFs and extracting method/experiments/results. No unrelated binaries, credentials, or installs are requested.
Instruction Scope: noteInstructions ask the agent to fetch from arXiv and read local PDF paths when provided—these are appropriate for paper reading. The skill does not instruct accessing unrelated system files or secrets. Users should be aware that providing local PDF paths grants the skill access to those files (expected behavior).
Install Mechanism: okNo install spec and no code files — instruction-only skill that does not write to disk or install third-party binaries; lowest-risk install profile.
Credentials: okNo environment variables, credentials, or config paths are required. Requested capabilities are proportional to the purpose (fetching arXiv and reading PDFs).
Persistence & Privilege: okalways is false and the skill has no install-time persistence. Model invocation is allowed (default) but that is expected for user-invocable skills and is not combined with other concerning privileges.