Skill v1.0.0

ClawScan security

Fund Proposal Assistant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 16, 2026, 11:05 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill largely matches its stated purpose (proposal templates, checks, and a daily-check script) but includes user-specific, hardcoded filesystem paths, a past fixed deadline, and personalized strings — behaviour that is coherent with document management but surprising for a generic published skill.
Guidance
This skill appears to do what it says (templates, checks, and an automation script), but exercise caution before running the included daily_check.py: it contains hardcoded Windows paths (Y:\ and D:\...), a fixed deadline in early March 2026, and personalized names, so it was likely tailored to one specific user. If you plan to use the script, (1) review the code line by line, (2) edit OUTPUT_DIR, FUND_DOC_DIR and REPORT_DIR to safe locations you control, (3) back up any documents it may copy or overwrite, (4) run it in a sandbox or VM (especially if your OS is not Windows), and (5) remove or replace the personal identifiers. If you allow an agent to run skills autonomously, deny execution until you have verified the script's paths and behavior. These oddities are explainable by sloppy packaging or personalization but should be fixed before widespread use.
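The guidance above asks for a line-by-line review of the shipped script before an agent may run it. As an added example (not ClawHub's scanner and not the skill's own daily_check.py, whose contents this page does not reproduce), the Python below makes that review repeatable: it parses a script with `ast`, lists hardcoded absolute paths together with the constants they feed, file copy/write calls, network imports and fixed calendar dates, and then applies the same deny-until-reviewed rule the verdict recommends. `SAMPLE_SCRIPT` is a constructed stand-in with the traits the verdict describes; the path regex, the module and call lists, and the `triage`/`verdict` names are this example's own assumptions, not anything from the skill.

```python
"""Static triage of a skill's Python script before an agent is allowed to run it."""
import ast
import re
from collections import defaultdict

# Constructed sample with the traits the scanner flagged (hardcoded Windows drive
# paths, a fixed early-March-2026 deadline, local .docx copying). It is NOT the
# skill's real daily_check.py, whose contents this page does not reproduce.
SAMPLE_SCRIPT = r'''
import shutil
from pathlib import Path
from datetime import date

FUND_DOC_DIR = Path("Y:\\")
OUTPUT_DIR = Path("D:\\proposals\\out")
REPORT_DIR = Path("D:\\proposals\\reports")
DEADLINE = date(2026, 3, 2)

def run():
    for doc in FUND_DOC_DIR.glob("*.docx"):
        shutil.copy(doc, OUTPUT_DIR / doc.name)
    (REPORT_DIR / "status.txt").write_text(str((DEADLINE - date.today()).days))
'''

# Heuristics (assumptions of this example): a Windows drive root or a POSIX root,
# modules that imply network reach, and calls that copy, move, delete or write files.
ABS_PATH = re.compile(r"^(?:[A-Za-z]:[\\/]|/(?!/))")
NETWORK_MODULES = {"socket", "requests", "urllib", "http", "ftplib", "smtplib", "httpx"}
WRITE_CALLS = {"copy", "copy2", "copyfile", "copytree", "move", "remove", "unlink",
               "rmtree", "rename", "replace", "write_text", "write_bytes"}
DATE_CTORS = {"date", "datetime"}


def _call_name(call):
    """Name a call targets: 'copy' for shutil.copy(...), 'open' for open(...)."""
    func = call.func
    if isinstance(func, ast.Attribute):
        return func.attr
    if isinstance(func, ast.Name):
        return func.id
    return None


def _is_write_mode(call):
    """True for open(path, 'w'/'a'/'x'/'r+') given positionally or as mode=."""
    mode = call.args[1] if len(call.args) > 1 else next(
        (k.value for k in call.keywords if k.arg == "mode"), None)
    return (isinstance(mode, ast.Constant) and isinstance(mode.value, str)
            and any(c in mode.value for c in "wax+"))


def _abs_path_constants(node):
    """String constants under `node` that look like absolute filesystem paths."""
    return [c for c in ast.walk(node)
            if isinstance(c, ast.Constant) and isinstance(c.value, str)
            and ABS_PATH.match(c.value)]


def triage(source):
    """Return {category: [tuples ending in the line number]} for behaviours to review."""
    tree = ast.parse(source)
    report = defaultdict(list)
    attributed = set()
    # Absolute paths, attributed to the constant they feed (FUND_DOC_DIR, ...)
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign):
            names = [t.id for t in node.targets if isinstance(t, ast.Name)]
            for c in _abs_path_constants(node.value):
                attributed.add(id(c))
                report["absolute_paths"].append((names[0] if names else "?", c.value, c.lineno))
    for node in ast.walk(tree):
        if (isinstance(node, ast.Constant) and id(node) not in attributed
                and isinstance(node.value, str) and ABS_PATH.match(node.value)):
            report["absolute_paths"].append(("?", node.value, node.lineno))
        elif isinstance(node, (ast.Import, ast.ImportFrom)):
            mods = [node.module] if getattr(node, "module", None) else [a.name for a in node.names]
            for m in mods:
                if m.split(".")[0] in NETWORK_MODULES:
                    report["network_imports"].append((m, node.lineno))
        elif isinstance(node, ast.Call):
            name = _call_name(node)
            if name in WRITE_CALLS or (name == "open" and _is_write_mode(node)):
                report["file_writes"].append((name, node.lineno))
            elif name in DATE_CTORS and len(node.args) >= 3 and all(
                    isinstance(a, ast.Constant) and isinstance(a.value, int) for a in node.args[:3]):
                y, m, d = (a.value for a in node.args[:3])
                report["fixed_dates"].append((f"{y:04d}-{m:02d}-{d:02d}", node.lineno))
    # Sort by line so findings read in source order regardless of AST walk order
    return {k: sorted(v, key=lambda f: f[-1]) for k, v in report.items()}


def verdict(report):
    """Mirror the scanner's rule: no autonomous execution until paths and writes are reviewed."""
    if report.get("network_imports"):
        return "deny: network modules imported, check for exfiltration"
    if report.get("absolute_paths") and report.get("file_writes"):
        return "deny: file writes plus hardcoded absolute paths, edit the *_DIR constants and sandbox first"
    if report.get("absolute_paths") or report.get("file_writes"):
        return "review: local file access, confirm paths before enabling"
    return "allow"


if __name__ == "__main__":
    rep = triage(SAMPLE_SCRIPT)
    for category, findings in rep.items():
        for f in findings:
            print(f"{category:16} line {f[-1]:>3}: {f[:-1]}")
    print(verdict(rep))
```

Run it against the real file with `triage(open("daily_check.py").read())` before granting an agent execution. The check is purely static, so it will not see paths assembled at runtime or modules imported through `importlib`; treat an "allow" as a reason to read the code rather than as clearance.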

Review Dimensions

Purpose & Capability
note: The SKILL.md describes writing, checks, templates and a 'daily_check.py' script; these capabilities align with a fund-proposal assistant. However, the included script is tightly tailored to a specific user's environment (hardcoded Windows paths, username references such as '豹老大', 'SuperMike', '纪金豹'), which is disproportionate for a generic public skill.
Instruction Scope
concern: The runtime instructions and templates stay on-topic, but the shipped Python script will read and copy local .docx files using absolute paths (FUND_DOC_DIR = 'Y:\', OUTPUT_DIR and REPORT_DIR on D:\). The SKILL.md does not declare these paths or ask for confirmation, and the script may attempt file I/O on the host if executed by an agent. No network/exfiltration code is present, but the file-system access is unexpected for an instruction-only skill.
Install Mechanism
ok: No install spec; the skill is instruction-only with a code file. This is lower risk than remote downloads or package installs.
Credentials
note: No environment variables, credentials, or external endpoints are requested. Good. But the script implicitly assumes Windows drive letters and particular local folders, which may expose or overwrite local documents if run without modification.
Persistence & Privilege
ok: The skill is not always-enabled and does not request elevated platform privileges or modify other skills. Autonomous model invocation is allowed by default but is not combined with other high-risk flags.