Skillv1.0.0

ClawScan security

Academic Writing · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 30, 2026, 8:00 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is an instruction-only academic-writing helper whose declared requirements and runtime instructions are internally consistent with its stated purpose.
Guidance: This skill appears coherent and low-risk because it only supplies runtime instructions (no code or installs). Before using it widely: 1) Confirm your agent has web access if you need real citation verification — otherwise ask the skill to say when it could not verify sources. 2) Manually spot-check references produced by the skill to ensure they are real and correctly formatted (LLMs can still fabricate plausible-looking citations). 3) Be aware the skill enforces wrapping content in <ama-doc> tags — ensure downstream consumers handle that safely and that the tags don't conflict with your UI/processing. 4) Test with non-sensitive/example prompts first to confirm behavior matches expectations.

Purpose & Capability: okName/description (academic writing, citations, methodology) match the SKILL.md instructions (strict citation rules, academic sources, structured output). No unrelated binaries, env vars, or install steps are requested.
Instruction Scope: noteInstructions are narrowly focused on academic writing, formatting, and citation verification. They require the agent to verify citations against academic repositories (arXiv, PubMed, IEEE Xplore, etc.) and to output content wrapped in <ama-doc> tags. This is coherent with the purpose but assumes the agent/platform has network access and the ability to check external sources; if the runtime environment does not provide web access, the verification steps cannot be completed and the agent may be prone to hallucinated citations.
Install Mechanism: okNo install spec and no code files — instruction-only. This minimizes the attack surface (nothing is written to disk or downloaded).
Credentials: okSkill requests no environment variables, credentials, or config paths. The declared resource requirements are proportionate to an instruction-only writing assistant.
Persistence & Privilege: okalways is false and the skill is user-invocable; it does not request permanent/system-level presence or to modify other skills' configurations.