Skill v0.1.1

ClawScan security

Anthropology · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 8:39 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill claims a large embedded anthropology knowledge base (580K tokens, 152 markdown files) but is instruction-only and the repository contains only a single SKILL.md (9.5 KB), which is internally inconsistent and unexplained.
Guidance
This skill claims a large, local anthropology corpus but the package contains only a single small SKILL.md and no install steps or external data endpoints. Before installing or enabling it, ask the publisher: Where is the 580K-token knowledge base stored? Are the 152 markdown files included somewhere else or fetched at runtime (and if so, from what URL and does it require credentials)? Without that answer, the agent may hallucinate content or attempt undocumented network access. If you need a reliable anthropology content skill, prefer packages that include their data or explicitly document the remote data source and access method. If you proceed, limit or review the skill's outputs and avoid granting it sensitive credentials until you verify its behavior.

Review Dimensions

Purpose & Capability
concern
The SKILL.md advertises a 580K-token knowledge base made of 152 markdown files and wide global coverage, but the package contains only one SKILL.md (≈9.5 KB) and no additional files, install steps, or external data source references. There is no description/homepage or declared external API to justify the missing content. That mismatch suggests the skill either (a) falsely claims included content, (b) expects the agent to fetch remote data (not documented), or (c) will rely on the model to hallucinate detailed content.
Instruction Scope
concern
The visible instructions present teaching frameworks and content organization but (from the truncated SKILL.md) appear to rely on the claimed corpus. Because no corpus files or clear remote endpoints are provided, the agent may be instructed to produce or 'summarize' content that doesn't exist locally. The SKILL.md does not declare any required env vars or config paths, but it also does not document where the asserted 152 files/580K tokens live, which is scope creep/ambiguity: the agent may try to access unspecified external resources or invent material.
Install Mechanism
ok
No install spec and no code files are present. This is low-risk from an installation perspective: nothing is downloaded or written to disk by the package itself.
Credentials
ok
The skill declares no required environment variables, no credentials, and no config paths. That is proportional for an instruction-only teaching skill. However, the documentation mismatch raises questions about where the advertised content is hosted; if the author intended remote access, additional credentials or endpoints should be declared.
Persistence & Privilege
ok
Flags are default (always: false, model invocation allowed). The skill does not request permanent presence or elevated system configuration. Autonomous invocation is permitted (platform default) but does not combine here with any other broad privileges.