Skill v0.1.0
ClawScan security
Tuzi Cover Image · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 5, 2026, 2:21 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's behavior mostly matches a cover-image generator, but its runtime instructions require reading/writing user files (project and $HOME EXTEND.md) and enforce a blocking first-time setup even though the registry metadata declares no config paths — this mismatch and the aggressive 'MUST incorporate' reference-handling are worth caution.
- Guidance
- Before installing or invoking this skill: (1) Be aware it will read/write a preferences file at either .tuzi-skills/tuzi-cover-image/EXTEND.md in your project or ~/.tuzi-skills/tuzi-cover-image/EXTEND.md in your home and will create output and refs/ directories — the registry metadata did not list these config paths. (2) The first-time setup is blocking and must complete before the skill analyzes content; if you prefer no global files, choose the 'Project' save location during setup or inspect the EXTEND.md content after creation. (3) Avoid providing reference images that contain copyrighted logos, private or sensitive visuals if you don't want the skill to reproduce them — the instructions explicitly push for exact, 'MUST' reproduction of reference elements and exact color values. (4) Because this is an instruction-only skill, confirm what agent tooling will perform filesystem writes (the skill's instructions assume the agent can run shell/file operations). If you need the skill to be less persistent or less invasive, ask the owner to (a) declare required config paths in metadata, (b) make the first-time setup optional or non-blocking, and (c) reduce the 'MUST' reproduction language for reference handling.
Review Dimensions
- Purpose & Capability
- concern: The skill name/description describe an image-cover generator and the instructions implement that. However, the SKILL metadata claims no required config paths or credentials while the runtime docs explicitly read and write EXTEND.md in either the project (./.tuzi-skills/tuzi-cover-image/EXTEND.md) or the user's home (~/.tuzi-skills/tuzi-cover-image/EXTEND.md). That filesystem access (and the explicit blocking setup) should have been declared in registry metadata; the mismatch is incoherent and surprising.
- Instruction Scope
- concern: SKILL.md instructs the agent to run shell checks (test -f ...) and to create directories and write EXTEND.md, save source and reference images to disk, and write prompt files (prompts/cover.md). It also instructs very prescriptive handling of reference images — extracting exact colors, logos and 'MUST' reproducible elements — which can enable replication of copyrighted or sensitive visual assets. All of these file reads/writes and the blocking first-time-setup step extend beyond a simple 'generate' prompt and should be highlighted to the user.
- Install Mechanism
- ok: This is an instruction-only skill with no install spec and no code files, which is the lowest install risk — nothing is downloaded or executed by an installer. The runtime behavior relies on the agent's ability to read/write files and use whatever toolchain the agent has.
- Credentials
- note: The skill declares no environment variables or credentials, which matches the lack of network/service integrations. However, it does implicitly require access to the filesystem (project dir and $HOME) to store preferences and outputs; those config paths are not declared in the metadata and therefore the registry info understates the skill's access needs.
- Persistence & Privilege
- note: always:false (good) and the skill does not request elevated platform privileges, but it mandates creating persistent config files (EXTEND.md) and output directories and blocks other operations until setup completes. This persistent footprint is normal for tools that save preferences, but the blocking behavior and the default option to save to the user home may be surprising and should be made explicit to the user before install/run.
