Skill v1.0.0

ClawScan security

Document Handler · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 7, 2026, 4:00 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's scripts and instructions match its stated purpose (extracting text/metadata and converting documents); no hidden endpoints, credentials, or installation of remote code are present, though it relies on many external CLI tools that are not declared and a couple of platform-specific commands.
Guidance
This skill appears to do what it says: extract text/metadata and convert documents. Before installing, be aware of the following: (1) it relies on many external CLI tools (pdftotext, pdfinfo, pdftoppm, unzip, textutil, lynx, tesseract, etc.) which are not declared — make sure those tools are available on your system or the commands will fail; (2) textutil is macOS-specific and some examples assume tools that may not exist on Linux/Windows; (3) extracted metadata can contain sensitive info (author, timestamps) — avoid passing files with secrets unless you trust the runtime; (4) the SKILL.md states it triggers on mentions of file paths, so consider whether you want automatic invocation in your agent. If you need higher assurance, review and run the two included scripts locally in a safe environment to confirm behavior.

Review Dimensions

Purpose & Capability
note · The name/description (document extraction and conversion) aligns with the included scripts and SKILL.md examples. However, the skill references many external CLI tools (pdftotext, pdfinfo, pdftoppm, unzip, textutil, lynx, tesseract, etc.) but declares no required binaries; the absence of declared required binaries is a documentation/packaging omission rather than a functional mismatch.
Instruction Scope
ok · SKILL.md and scripts explicitly instruct the agent to read local files, extract metadata and text, and convert PDFs to images. These actions are within the stated purpose. The README triggers on mentions of file paths, which could cause frequent activations, but that behavior is consistent with a document-handler skill.
Install Mechanism
ok · There is no install spec (instruction-only plus two local scripts). Nothing is downloaded or written by an installer. The scripts only call local command-line tools; no remote code fetch or archive extraction from external URLs is present.
Credentials
ok · The skill requests no environment variables or credentials and the scripts do not read any env vars or config paths. This is proportionate to the document-processing purpose.
Persistence & Privilege
ok · The skill is not always-enabled and does not request elevated persistence. It does include a trigger definition (activate on mentions of document files) which is normal for an invocable skill; nothing in the files attempts to modify other skills or system-wide settings.