Skill v1.1.0
ClawScan security
Inventory Reorder Calculator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Mar 30, 2026, 11:17 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is internally coherent with its stated inventory-reorder purpose, but the SKILL.md contains detected Unicode control characters (a prompt-injection signal) that merit manual review before trusting or enabling the skill.
- Guidance: This skill appears to do what it says (reorder calculations) and requests no credentials, which is good. Before installing or enabling it:
  1. Inspect the raw SKILL.md in a plain text editor and remove any invisible/unexpected Unicode control characters (zero-width spaces, bidi overrides, etc.).
  2. If you let an agent call skills autonomously, consider enabling audit/logging or requiring user confirmation for actions that would trigger real orders.
  3. Run the skill on a safe sample SKU (no real POs) to verify outputs match expectations.
  4. If you see any suspicious or opaque instruction after removing control characters, treat the skill as untrusted and do not use it for production purchasing decisions.
  If you can provide the raw bytes or a diff showing which control characters were found, I can re-evaluate and raise confidence.
- Findings
  - [unicode-control-chars] unexpected: The content scanner detected Unicode control characters in SKILL.md. These characters are not expected for an inventory-calculation guide and can be used to hide or alter instructions seen by models or renderers (e.g., zero-width spaces, directionality overrides). This finding is worth manual inspection; it does not by itself prove malicious intent, but it does increase risk.
Review Dimensions
- Purpose & Capability [ok]: The name, description, and all included documents consistently implement an inventory reorder calculator workflow (demand analysis, lead-time modeling, safety stock, ROP, quantity constraints). There are no unexpected binaries, environment variables, or credentials requested.
- Instruction Scope [note]: Instructions are narrowly scoped to inventory inputs, formulas, and reporting templates and do not ask the agent to read system files, credentials, or external endpoints. However, the SKILL.md contains Unicode control characters flagged as potential prompt injection; these could be used to manipulate model behavior or the evaluation process and should be inspected and removed if unintended.
- Install Mechanism [ok]: This is an instruction-only skill with no install spec and no code files — nothing will be written to disk or executed by an installer. That minimizes technical installation risk.
- Credentials [ok]: The skill requires no environment variables, credentials, or config paths. The inputs it requests are business/inventory data (sales, lead times, costs), which align with the described purpose.
- Persistence & Privilege [ok]: Flags show `always:false` and no system modification instructions. The skill does not request permanent presence or elevated privileges. Note that model invocation is allowed (default), so the agent could call the skill autonomously — normal behavior, but worth considering in combination with the prompt-injection signal.
