Skillv1.0.2

ClawScan security

Beamer Slide · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 15, 2026, 3:02 AM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's requirements and instructions are consistent with a Beamer/LaTeX slide workflow: it asks for LaTeX/PDF tooling and describes compile/review/extract steps without requesting unrelated credentials or installing arbitrary remote code.
Guidance: This skill appears coherent and appropriate for authoring and reviewing Beamer slides. Before installing or using it, consider: - It runs local shell commands (xelatex, bibtex, pdf2svg, grep, Python/PyMuPDF) and will read/write files in the agent workspace (e.g., generated PDFs, extracted figures). Only run it on projects you trust or inside an isolated/sandboxed environment. - Compiling untrusted .tex can be risky if TeX shell-escape is enabled (TeX documents can include constructs to invoke system commands). Verify your TeX distribution's safety settings (avoid enabling --shell-escape for untrusted sources) or compile in a container. - The skill assumes system dependencies (XeLaTeX, optional poppler/pdf2svg, pip packages). Install these from trusted system package managers or repositories. - The skill does not request network credentials or external endpoints, but it will write files (figures/, extracted SVGs, logs). Review generated outputs and logs (compile .log) to confirm no unexpected behavior. If you plan to grant this skill access to a repository with sensitive data or run it on untrusted .tex, run it in an isolated environment and inspect output files/logs before publishing or sharing them.

Review Dimensions

Purpose & Capability: okName, description, and declared (and implied) tooling match: a Beamer slide workflow legitimately needs XeLaTeX, PDF utilities, and optional Python PDF libraries for visual checks and figure extraction. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope: okSKILL.md instructions stay within the Beamer slide lifecycle (create/compile/review/audit/extract). They instruct running xelatex/bibtex, grepping logs, converting PDFs to images, extracting SVGs — all appropriate for the described tasks. The skill asks the agent to read user-supplied files (papers, .tex, compiled PDFs), which is expected for this purpose.
Install Mechanism: okNo install spec or remote downloads are present (instruction-only). Dependencies listed are system packages or pip packages that are reasonable for LaTeX/PDF processing (texlive-xetex, poppler, pdf2svg, PyMuPDF). There is no URL-based install or archive extraction to raise higher-risk concerns.
Credentials: okThe skill declares no environment variables, no credentials, and no config paths. All documented actions use only local file I/O and local tooling; requested access is proportionate to generating/compiling/reviewing slides.
Persistence & Privilege: okalways:false and default agent invocation are used. The skill will run compile and file-manipulation tasks in the workspace (Read/Write/Bash allowed), which is normal for this kind of tool. It does not request persistent system-wide privileges or modify other skills' configs.