Skill v1.0.0

ClawScan security

Research skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 17, 2026, 4:47 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's requirements and instructions are internally consistent with its stated purpose (automatically writing paper sections from a project), but it asks the agent to read project files and use web search/command tools — actions that are sensitive and merit caution.
Guidance
This skill is coherent for generating paper text from your project, but it will need access to your project files (code, results, figures) and can run local commands (pdflatex, bibtex) and use WebSearch. Before installing or invoking it: 1) avoid pointing it at proprietary or unreleased data you don't want shared; 2) review generated numerical claims, tables, and citations carefully — the assistant may hallucinate results or references; 3) prefer running it in an environment where file access is controlled (a copy of the project or a sanitized subset); 4) verify that any external searches or citation lookups do not inadvertently send sensitive project snippets to third-party services; and 5) check outputs for plagiarism and ensure proper attribution before submission. If you need higher assurance, request the skill source or run similar functionality in a local, offline toolchain.

Review Dimensions

Purpose & Capability
ok
The skill claims to auto-generate academic-paper sections from a project's code and experimental results. The SKILL.md explicitly requires reading project code, extracting model/algorithm details, gathering experimental tables/figures, generating LaTeX, and optionally using WebSearch for citations — all of which are coherent and expected for this purpose. There are no unrelated environment variables, binaries, or installs requested.
Instruction Scope
note
The runtime instructions direct the agent to read the provided project_path (code, results, figures) and to produce LaTeX and compile it via Bash. That scope is appropriate but sensitive: reading project files may expose proprietary or private data; the SKILL.md also permits using WebSearch (an external network tool). The instructions do not explicitly direct exfiltration, but they give the agent broad discretion to read and process potentially sensitive files and to perform external searches — which could accidentally leak context if the agent sends project content to external endpoints while searching or citing.
Install Mechanism
ok
Instruction-only skill with no install spec and no code files. This minimizes installation risk (nothing is downloaded or written during install).
Credentials
ok
The skill declares no required environment variables, credentials, or config paths. That aligns with its stated purpose: generating writing from locally available project artifacts and performing searches. No disproportionate credential requests are present.
Persistence & Privilege
ok
always is false and the skill does not request persistent or elevated platform-wide privileges. Autonomous invocation is allowed (platform default), which is appropriate for a user-invocable writing assistant. The skill does not modify other skills or global configs in the instructions.