Skillv1.0.0

ClawScan security

thesis-revision-editor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 29, 2026, 5:56 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: This is an instruction-only thesis editing skill whose requested actions (reading a supplied thesis, producing prioritized edits, and saving a revised copy) are consistent with its name and description; no credentials or installs are requested, but there are a few small implementation assumptions you should verify before use.
Guidance: This skill is mostly self-consistent, but before installing or running it: (1) Confirm the agent runtime has explicit permission to read the file paths you provide and to write new files in the target directory; test with a harmless sample document first. (2) If you need DOCX in-place editing, verify the runtime includes tools/libraries to edit DOCX (the skill assumes this but does not install anything). (3) Be cautious about supplying sensitive unpublished data — the skill will read and write local files; ensure you know where revised copies will be saved and back up originals. (4) Note the references mention a local source file (7suggestion.txt) that isn't bundled; ask the publisher what that file contains if it matters for reproducibility. If you want greater assurance, run a short revision task with non-sensitive content to confirm behavior and saved file formats before processing a full thesis.

Review Dimensions

Purpose & Capability: okThe skill's name and description match the runtime instructions: it reads a supplied thesis (text or file path), produces a modification list, revises content, and saves a revised copy. It does not request unrelated credentials, network endpoints, or unusual binaries.
Instruction Scope: noteThe SKILL.md explicitly instructs the agent to read local file paths and save revised copies next to originals (or to the CWD for pasted text). That behavior is appropriate for a revision tool, but the instructions also assume the runtime can edit DOCX files 'if direct structured editing is feasible' and refer to a local source '7suggestion.txt' (not included). The metadata declares no config paths or tooling for DOCX editing — verify the execution environment supports whatever file formats you intend to use.
Install Mechanism: okNo install spec or code is provided (instruction-only). This minimizes supply-chain risk: nothing is downloaded or written by an installer as part of the skill package.
Credentials: okNo environment variables, credentials, or external endpoints are requested. The actions described require only local file I/O and text processing, so requested access is proportionate to the stated purpose.
Persistence & Privilege: okalways is false and the skill does not request special persistent privileges or attempt to modify other skills. Autonomous invocation is allowed (platform default) but there are no additional elevated privileges.