Skill v1.0.0

ClawScan security

File Reader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 8, 2026, 7:11 AM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill's stated purpose (reading files) matches the included code, but the runtime instructions contradict the code (it tells the user to run the shell script with 'python'), which is an incoherence that should be resolved before trusting the skill.
Guidance
This skill appears to be a minimal file-reader, but the SKILL.md contains a clear mistake: it says to run the bundled read.sh with 'python', while read.sh is a bash script that runs 'cat'. Before installing or enabling it, ask the author to fix the invocation (e.g., 'bash read.sh' or './read.sh') or update the script to be Python. Also note that the script will read any file path given to it, so avoid using it to read sensitive system files or secrets. If you plan to allow autonomous invocation, be extra cautious because the agent could read files without interactive confirmation; test the skill in a safe sandbox first and verify the corrected instructions and script behavior.

Review Dimensions

Purpose & Capability
concern: The skill claims to be a simple file-reader and includes a tiny shell script (read.sh) that cats an arbitrary file; this is coherent with the description. However, SKILL.md instructs calling the script with 'python read.sh', yet no Python-specific code exists and no required binaries are declared. The script actually requires a POSIX shell and the 'cat' utility; the declared requirements omit these and the invocation command is incorrect.
Instruction Scope
concern: The SKILL.md instructs running a command that doesn't match the included script (uses 'python' on a bash script). Aside from that mismatch, the instructions only direct reading the file path provided by the user; there are no hidden endpoints, extra env vars, or references to unrelated files. The mismatch could cause failures or unexpected behavior if an agent follows the instructions literally.
Install Mechanism
ok: No install spec (instruction-only) and only three small files are included. Nothing is downloaded or extracted during install, which is low-risk.
Credentials
ok: The skill requests no environment variables, no credentials, and no config paths. That is proportionate for a file-reading helper.
Persistence & Privilege
ok: The skill is not forced always-on and uses normal agent-invocation defaults. It does not modify other skills or request elevated/persistent privileges.