Skillv0.13.0

ClawScan security

Business Blueprint · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 25, 2026, 4:48 PM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill is internally consistent with its stated purpose (local Python scripts that generate blueprint JSON and diagram exports), but there are a few documentation/instruction mismatches you should review before use.
Guidance: This skill appears to do what it says: local Python scripts generate blueprint JSON and diagram exports. Before installing or running it, I recommend: 1) Inspect the repository files (especially scripts/business_blueprint/cli.py, export_svg.py and export_* files) to confirm there are no unexpected network calls or data exfiltration (look for imports/use of requests, urllib, socket, subprocess spawning with remote URLs). 2) Note the documentation mismatch: prefer SKILL.md (direct script usage) over README's pip install instructions; confirm you want to execute repository scripts rather than installing as a package. 3) Run the skill in an isolated/sandboxed environment (or container) so file writes go to a controlled location; the skill writes to projects/workspace/ by default. 4) Only supply the agent with source files/text you are comfortable sharing and do not feed secrets or credentials. 5) If you need higher assurance, grep the code for outbound network usage and run the tests / a dry-run on non-sensitive input first. If you want, I can scan the codefiles for network/OS calls and report any matches.

Review Dimensions

Purpose & Capability: noteName/description, CLI surface (plan/project/export/validate) and the included Python scripts align: the repo contains a blueprint generator, exporters (SVG, drawio, Excalidraw, Mermaid), templates and viewer assets needed for the stated functionality. However, documentation is inconsistent: SKILL.md and many scripts instruct direct execution of scripts (python scripts/business_blueprint/cli.py), while README files still show pip install -e . and other packaging instructions. PURE_SKILL_CLEANUP.md claims package/test files were removed but the manifest still includes many test files and package-like files. These are likely stale docs, not an active security problem, but they are a coherence issue to be aware of.
Instruction Scope: noteSKILL.md explicitly instructs the agent to read industry seed templates in the repo and to extract entities from user-provided source text, then write blueprint JSON and export artifacts into projects/workspace/. This is coherent for the skill's purpose. The CLI supports --from <file> which allows reading arbitrary user-supplied files (expected). There are no instructions to read unrelated system paths or environment variables. As usual, granting the agent access to user files/content to parse is required for its function — verify the agent is only given the specific source text/files you intend it to process.
Install Mechanism: okNo install spec is provided (instruction-only skill), which reduces install-time risk. The runtime model is local script execution (python scripts/...). That is proportional to the functionality. Note the README still documents pip install -e . and package installation; because no install spec exists in the registry, prefer following SKILL.md's direct-script usage. The presence of many code files means the agent will execute code from the skill repo, so inspect scripts before running in a sensitive environment.
Credentials: okThe skill declares no required environment variables, no credentials, and no required binaries. That matches the stated local, zero-external-dependency design. README mentions Python >= 3.12 (runtime requirement) which is reasonable. There are no obvious requests for unrelated secrets or credentials in SKILL.md or the manifest.
Persistence & Privilege: okFlags show always:false (not force-included) and default agent-invocation behavior. The skill writes generated artifacts to projects/workspace/ (a relative path declared in SKILL.md) which is expected for export generation. There is no indication the skill modifies other skills or requests elevated platform privileges.