Skill v1.0.1
ClawScan security
logseq web article · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 14, 2026, 3:04 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's behavior (fetching web articles and converting them to Markdown) matches its description, but it instructs the agent to automatically install and call a separate 'logseq-article-archive' skill with no provenance or install details, which is a security risk.
- Guidance: This skill does what it says (fetch and format web articles) but it will try to automatically install and call a separate 'logseq-article-archive' skill if that skill isn't already present. Because there is no homepage, source repo, or install spec provided, you should: (1) require explicit confirmation before allowing the agent to install any new skill, (2) ask the skill maintainer or registry for the source/URL and review the logseq-article-archive skill's code, permissions, and required env vars, (3) avoid granting broad credentials or filesystem access to newly installed skills, and (4) consider running any auto-installed skill in a sandboxed environment or only install from trusted registries. If you cannot verify the provenance of logseq-article-archive, do not allow automatic installation.
Review Dimensions
- Purpose & Capability (ok): Name and description match the runtime instructions: the SKILL.md describes fetching web article URLs, converting content to Markdown, recording metadata, and handing the result to logseq-article-archive. Required binaries/env/configs are none, which is consistent with a lightweight fetch-and-format skill.
- Instruction Scope (concern): The instructions stay focused on fetching and formatting article content (using a WebFetch tool) and returning results. However, they also direct the agent to check for, and if missing, automatically install and then invoke the separate 'logseq-article-archive' skill. That step gives the agent broad discretion to download and install third-party code at runtime and therefore expands scope beyond simple content processing.
- Install Mechanism (concern): This skill is instruction-only and has no install spec itself (low inherent risk), but it explicitly instructs the agent to automatically install another skill (logseq-article-archive) if not present. No source, registry, or verification instructions are provided for that installation, which could lead to arbitrary code being fetched/executed by the agent during runtime.
- Credentials (ok): The skill requires no environment variables, credentials, or config paths. That is proportional to the stated purpose. Note: the downstream logseq-article-archive skill (to be auto-installed) might request additional secrets or env vars — the SKILL.md does not disclose or justify that.
- Persistence & Privilege (note): always:false and model invocation allowed (defaults) are normal. The concern is the skill's instruction to install another skill, which implies modifying the agent's installed-skill set; installing or enabling other skills is a privileged action and should require explicit user consent or provenance checks.
