Skillv1.1.1

ClawScan security

Ontology Engineer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 16, 2026, 6:17 PM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill's functionality (local ontology/knowledge-graph extraction) matches the shipped scripts, but there are inconsistencies between declared registry metadata and the SKILL.md + scripts (implicit dependency/install needs) and the tool runs broad filesystem scanning — these mismatches and the high-data-access scope warrant caution before installation.
Guidance: This skill is broadly consistent with an on-device ontology/graph extractor, but exercise caution before running it against your real data. Key points to consider: - Metadata mismatch: The registry summary claims no install/requirements, but SKILL.md and scripts expect python3, optional LibreOffice or MS Word, and multiple pip packages. Request or confirm an explicit install spec before proceeding. - Filesystem scope: The scripts are designed to scan arbitrary directories and extract structured data from many file types. The SKILL.md promises a mandatory interactive 'Step 1.5' confirmation before reading files — verify the agent integration actually enforces this checkpoint (i.e., the agent must ask you and not auto-run scans). - Run safely: First run in a sandbox or container, or point the scripts at a small test folder. Use the provided dry-run options (scan_filesystem.py --dry-run, etc.) to inspect what would be processed. Do not point it at /, your home directory, or backups until you are confident of behavior. - Dependency installs: Installing the advertised Python packages pulls code from PyPI. If you plan to install, prefer doing so in an isolated virtualenv/container and review package versions. On Windows, COM automation requires Word and pywin32; on Linux/macOS LibreOffice is required for legacy .doc/.wps conversion — these are system-level dependencies. - Network & exfiltration checks: SKILL.md states 'no external API calls', and no remote endpoints are visible in the provided files. Still, before running, scan the code for network libraries (requests, urllib, socket) and monitor outbound connections (netstat) during a test run. - Review scripts for enforcement of user consent: Ensure the agent wrapper or local runner does not bypass Step 1.5. If the code does not enforce an interactive prompt, require the agent to ask for folder approval before running any extraction commands. - If in doubt: ask the publisher/maintainer for clarifications about the registry/install mismatch, whether the agent enforces the interactive confirmation, and provide an explicit install manifest (requirements.txt or setup script) and a short audit of network behavior. If you must run it on sensitive data, do so only in an isolated environment after these checks.

Review Dimensions

Purpose & Capability: noteThe name/description align with the included scripts and reference docs: the code scans directories, converts Office/PDF files, extracts tables and builds graph outputs. However the registry summary claims "No required binaries / env / install spec", while SKILL.md and scripts explicitly expect python3, optional LibreOffice/Word, and several Python packages (python-docx, PyMuPDF, openpyxl, xlrd, python-pptx, Pillow, pyyaml). That mismatch between declared registry requirements and the runtime instructions is an inconsistency developers should justify.
Instruction Scope: concernThe SKILL.md directs scanning arbitrary directories and reading many file types (.doc/.docx/.pdf/.xlsx/.pptx/.csv/.sql etc.). The document states a mandatory user-scoped confirmation (Step 1.5) before reading content, but that is an operational promise rather than a technical enforcement inside the scripts. The scripts perform conversion and subprocess calls (LibreOffice, COM), filesystem traversal and extraction — high-scope actions that require explicit user oversight. If the interactive confirmation is not enforced by the agent wrapper, the scripts could read large parts of the user's files.
Install Mechanism: noteRegistry metadata indicated 'No install spec' but SKILL.md contains an 'install' block and explicit pip install recommendations. The code relies on third-party Python packages and optional system binaries (libreoffice, Microsoft Word via COM). There is no opaque network download host in the files shown, but installing the listed packages will pull from public PyPI — a normal but non-trivial install step that the registry should advertise. The mismatch (no top-level install spec vs SKILL.md requirements) is inconsistent.
Credentials: okThe skill does not request environment variables, credentials, or config paths. All declared operations are local file processing and standard system tools. No API keys or remote endpoints are required per SKILL.md.
Persistence & Privilege: okThe skill is not force-installed (always: false) and does not request to modify other skills or system-wide settings. It writes append-only output files to a user-specified directory per its design. Note: autonomous invocation (default enabled) combined with broad filesystem read capability increases potential impact if the agent runs without manual gatekeeping — pair this with the SKILL.md's Step 1.5 requirement.