Skill v1.0.0
ClawScan security
Academic Deep Research · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 30, 2026, 8:00 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and instructions are internally consistent with a rigorous multi‑cycle research assistant, aside from a few minor mismatches (claims about offline operation and a missing MEMORY.md reference) that should be clarified but do not indicate malicious behavior.
- Guidance: This skill appears to do what it says: conduct methodical, multi‑cycle web research and produce an APA‑style report. Before installing, consider: (1) Clarify the README claim that it 'works offline' — the runtime uses web_search/web_fetch, so it will access the web unless the platform provides local equivalents. (2) The skill uses memory_search/memory_get (agent memory); if your agent stores sensitive data, decide whether you want the skill to access that memory. (3) The skill will perform many searches/fetches once you approve the Phase 2 plan — be prepared for potentially large amounts of network activity and ensure your privacy/usage policies allow it. If those points are acceptable, the skill is internally coherent and not suspicious.
Review Dimensions
- Purpose & Capability (note): Name/description promise (exhaustive, methodological research) matches the instructions: mandated multi‑cycle searches, use of web_search/web_fetch/sessions_spawn, APA citation rules, and user checkpoints. Minor mismatch: the README claims 'Works offline' and 'No external dependencies' while the runtime explicitly relies on web_search/web_fetch (platform web tools). That is not a security risk but is an inaccuracy the author should clarify.
- Instruction Scope (note): SKILL.md stays within research scope: it instructs web searches, page fetches, session spawning, and referencing agent memory. It does not ask the agent to read system files, credentials, or arbitrary local paths. Two small issues: (1) it references checking MEMORY.md for related context, but the repository/file manifest contains no MEMORY.md file — ambiguity about what 'MEMORY.md' refers to; (2) the mandatory 'show your work after each tool call' policy may cause verbose leakage of intermediate findings but is within the stated purpose. Neither issue implies malice, but both warrant clarification.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files — lowest installation risk. No downloads, no third‑party packages, and no binaries required.
- Credentials (ok): No environment variables, credentials, or config paths are requested. The skill does reference memory_search/memory_get (agent memory), which is proportionate for a research assistant but should be disclosed to users who are cautious about sensitive stored context.
- Persistence & Privilege (ok): always:false and default autonomous invocation allowed (normal). The skill does not request persistent system presence, does not modify other skills, and does not attempt to store credentials. Autonomous invocation combined with web access is expected for this use case; monitor agent permissions if you want to restrict external web fetches.
