Skillv1.0.0

ClawScan security

myskill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 19, 2026, 3:10 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's description and retrieval rules are coherent, but it assumes access to an internal corpus of 8 PDFs without declaring where or how those documents are stored or accessed, which is an important missing detail and a potential operational/security ambiguity.
Guidance: This skill claims to return verbatim excerpts from eight Tianchuang finance PDFs, which is reasonable, but it does not say where those documents live or how the agent should access them. Before installing, confirm: (1) Where is the merged text or the 8 PDFs stored (local path, internal bucket, or other)? (2) Who controls and updates that corpus, and is it the authoritative source? (3) That the agent will be constrained to only that corpus (so it won't search unrelated files or network locations). Also verify you actually want strict verbatim outputs (no summaries or context) and that returning verbatim internal policy text is acceptable from a privacy/compliance standpoint. If you can supply or point the skill to a specific, limited document store (and document provenance), the missing ambiguity would be resolved and my confidence would increase.

Review Dimensions

Purpose & Capability: noteThe skill's name/description (verbatim retrieval from Tianchuang finance docs) matches the declared retrieval rules and document list in config/README. However, the package provides no mechanism, file paths, or environment/config requirements showing how the agent will actually access the 8 PDF documents (or their merged text). That gap makes the required capability unclear: a retrieval skill would normally declare where the corpus lives or include the corpus or require a config path/URL.
Instruction Scope: concernSKILL.md instructs strict document searches and verbatim output and does not direct the agent to read unrelated system files or secrets. The concern is that it assumes the agent can search the 'complete Tianchuang financial document corpus' but does not specify the corpus location, access method, or any constraints. This ambiguity could lead to inconsistent behavior (agent may need to fetch files from unknown locations) or accidental access to other documents if implementers configure the corpus too broadly.
Install Mechanism: okInstruction-only skill with no install spec and no code files — lowest install risk. Nothing is downloaded or written to disk by the skill package itself.
Credentials: okNo environment variables, secrets, or external credentials are requested. That is proportionate for a read-only retrieval skill. There is no indication of attempts to access unrelated credentials or config paths.
Persistence & Privilege: okalways is false and the skill does not request persistent presence or elevated privileges. No instructions to modify other skills or system-wide settings are present.