Skillv2.0.0

ClawScan security

Doc Orchestrator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 3, 2026, 12:52 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's instructions, requirements, and lack of installs are coherent with its stated purpose of orchestrating multi-chapter document generation; main risks are disk persistence of orchestration state and reliance on file I/O which should be constrained by the runtime environment.
Guidance: This skill appears to do what it says (orchestrate multi-chapter documents) and doesn't request secrets or install code, but it intentionally writes persistent state and multiple files to disk. Before installing or using: 1) Confirm where {task-dir} maps on your system and ensure it is sandboxed and not a directory that contains secrets or system config. 2) Verify the runtime enforces file-write restrictions so the skill cannot write outside the intended task directory. 3) Be aware orchestration JSON may contain full document text; treat it as sensitive data and rotate/delete after use if needed. 4) Ensure the environment provides basic shell utilities (sed, grep, cat) or adapt the merge steps accordingly. 5) If you need stronger guarantees, request the skill be adapted to avoid persisting raw sensitive content or to encrypt state at rest. Overall this is internally coherent, but confirm filesystem and sub-agent isolation policies before use.

Purpose & Capability: okName and description (orchestrating multi-chapter documents using sub-agents) match the SKILL.md instructions. The skill is instruction-only and requires no extra binaries, env vars, or installs — which is proportionate for an orchestration/coordination role.
Instruction Scope: noteInstructions explicitly direct the agent to create/read/update a per-task orchestration JSON and multiple chapter files, spawn sub-agents, and run simple shell commands (sed/grep/cat). This is within scope for document orchestration, but it persists potentially large/complete document content to disk (state JSON and chapter files), which can leak sensitive content if the task directory is not isolated. The prompts also assume shell utilities exist and that sub-agents will obey file-write constraints.
Install Mechanism: okNo install spec or external downloads — instruction-only. Lowest install risk.
Credentials: okThe skill requests no environment variables, credentials, or config paths. That is appropriate and proportional for its stated functionality.
Persistence & Privilege: noteThe skill requires writing persistent orchestration state and per-chapter files (explicitly intended). always:false and normal autonomous invocation are set. Persisting state to disk is necessary for the design but increases risk if the runtime allows writing outside a sandboxed task directory or if state contains sensitive data.