Skill v0.1.0
ClawScan security
momo · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 18, 2026, 11:36 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's description promises time-tracking, invoice generation (PDFs) and payment tracking, but the included instructions and script are only a minimal stub that does not implement those capabilities — this mismatch is incoherent and warrants caution.
- Guidance: This package appears to be a stub: it promises full time-tracking and invoicing features (PDF generation, payment tracking) but the only included script just echoes modes and does not store or send data. If you expected a working invoicing tool, do not rely on this release — ask the publisher for a full implementation or source for the invoice/reporting code. From a security standpoint the current contents are low-risk, but avoid giving it access to your real data until it actually implements storage, export, or external network calls. If you install or test it, run it in an isolated environment and inspect any future code updates for network calls, file writes, or credential usage before trusting it with client data.
Review Dimensions
- Purpose & Capability (concern): The name/description advertise logging hours, generating timesheets, creating PDF invoices, and tracking payments. The package contains a tiny shell script that only parses flags and prints mode messages; there is no implementation of data storage, reports, PDF generation, emailing, or payment tracking. The declared capabilities are disproportionate to the actual code.
- Instruction Scope (note): SKILL.md instructs the agent/user to run scripts/timesheet.sh with --log/--report/--invoice and gives examples that imply full functionality. The runtime instructions do not direct the agent to read unrelated system files or credentials. However, the instructions assume features (PDF generation, invoice status tracking) that are not implemented by the provided script, which is an inconsistency rather than an explicit malicious action.
- Install Mechanism (ok): No install spec is present (instruction-only with a small included script). This is low-risk from an installation perspective — nothing is downloaded or written to system paths by an installer.
- Credentials (ok): The skill does not request any environment variables, credentials, or config paths. There is no apparent need for secrets or external service access in the provided code. The lack of requested credentials is proportionate to the actual (minimal) implementation.
- Persistence & Privilege (ok): The skill is not marked always:true, does not request elevated privileges, and does not modify other skills or system configuration. The only permission is 'exec' to run the included script; the script itself performs no persistent changes.
