Skill v1.0.0
ClawScan security
Knowledge Graph Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Mar 14, 2026, 4:57 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's purpose (generate knowledge graphs from URLs/files) is plausible, but its runtime instructions include unexpected behaviors (hard-coded user file path, broad file: access, and vague fetch methods) that are disproportionate or surprising and warrant review before use.
- Guidance: Before installing or enabling this skill, consider the following:
  1. The skill accepts file: URLs and instructs fetching via browser automation or local file reads — confirm you are comfortable allowing reads of local files and that the agent will only access files you explicitly permit.
  2. The SKILL.md hard-codes an output save path (/Users/kidehen/...) — ask the publisher to remove the hard-coded path or make saving opt-in and configurable; do not allow automatic writes to arbitrary user directories.
  3. Because the skill is instruction-only (no code), you cannot audit runtime binaries it might invoke — require the skill to ask for explicit permission before network access, local file reads, or writes.
  4. If you plan to allow autonomous invocation, restrict its scope (disable file: handling or require interactive confirmation) to reduce exfiltration risk.
  5. Ask the publisher for provenance (who authored it) and for a version of the SKILL.md that removes user-specific paths and clarifies which fetch tools are expected and which permissions will be required.
Review Dimensions
- Purpose & Capability (note): Name and description match the templates and prompt content: generating RDF/JSON-LD from HTTP(S) or file: sources is coherent. However, the SKILL.md also instructs saving outputs to a hard-coded, user-specific path (/Users/kidehen/...), which is not justified by the stated purpose and is unexpected for a general-purpose skill.
- Instruction Scope (concern): Instructions instruct the agent to fetch content via 'available tools (browser automation, WebFetch, file read, etc.)' which is broad and gives the agent wide discretion to perform network and local file reads. The skill explicitly accepts file: URLs (local files) — this is a sensitive capability that can expose local data. It also mandates writing outputs to a specific local path without asking the user. The combination of arbitrary file reads and hard-coded write location is scope creep and a privacy/exfiltration risk.
- Install Mechanism (ok): Instruction-only skill with no install spec or external downloads — minimal installation risk. There is no code to be written to disk by an installer step.
- Credentials (note): No environment variables or credentials are requested (good). But the runtime text expects network and local file access; absence of declared required permissions for file I/O or network use is a mismatch between what the instructions assume and what the registry metadata declares.
- Persistence & Privilege (concern): always:false and no autonomous-disable flags are fine. However, the skill instructs the agent to save generated files to a specific user Documents path (including a username), implying persistent writes to the host filesystem. That is a privileged action for an instruction-only skill and should require explicit confirmation and a configurable path.
