Skillv1.0.0

ClawScan security

thesis-abstract-keyword-writer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 28, 2026, 6:03 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's requirements and instructions are consistent with its stated purpose (writing abstracts and keywords); it is instruction-only, asks no credentials, performs no installs, and contains no obvious scope creep.
Guidance: This skill appears coherent and limited to writing abstracts/keywords. Before using it: (1) avoid pasting extremely sensitive or unpublished data if you do not want it handled by the agent; (2) provide complete method/results info when available—the skill explicitly warns against fabricating findings and will produce provisional frameworks if details are missing; (3) check your institution's policies on using AI/third-party writing assistance (authorship/plagiarism rules); (4) review generated abstracts for accuracy and compliance with formatting/word limits before submission. If you see later that the skill requests network access, environment variables, or an install script, stop and re-evaluate — that would change this assessment.

Purpose & Capability: okName and description match the SKILL.md and reference guide. The skill only requires the user's thesis text and metadata (language, limits, methods, results) which is appropriate for generating abstracts/keywords. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope: okSKILL.md provides focused runtime instructions: read the included guide, extract user-supplied thesis elements, choose an abstract type, and produce an abstract plus 3–8 keywords. It explicitly forbids fabricating results and limits output to Abstract/Keywords. It does not instruct the agent to read unrelated system files, call external endpoints, or exfiltrate data.
Install Mechanism: okThere is no install spec and no code files to execute. This instruction-only skill writes nothing to disk and does not fetch external artifacts, which is the lowest-risk install profile.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. The instructions only reference the included reference document and user-provided thesis content; there is no disproportionate access requested.
Persistence & Privilege: okalways is false and default autonomy settings are unchanged. The skill does not request persistent system presence or modify other skills. Autonomous invocation is the platform default and not a concern here given the limited, local scope of the skill.