Skill v1.2.2

ClawScan security

Printer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Feb 17, 2026, 7:37 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, declared requirements, and runtime instructions align with its stated purpose of printing files via the local CUPS stack; it does not request secrets or perform network I/O and its use of subprocesses is appropriate for calling lp/lpstat/lpoptions.
Guidance
This skill appears to do what it says: it reads local CUPS PPDs, converts images with Pillow, and calls lp/lpstat/lpoptions. Before installing:
1) Confirm you run it on a machine with CUPS and trust the system printers (jobs go to local/network printers).
2) Be careful with the OPENCLAW_WORKSPACE env var — if set to a sensitive directory it will allow printing files from there; prefer leaving it unset or pointing to a dedicated workspace.
3) The script creates temporary PDF files (delete=False) — you may want to review or clean /tmp after use.
4) Review the included script if you need to be extra cautious; there are no network calls or secret exfiltration patterns visible.
Overall the skill is coherent and proportional to its stated purpose.

Review Dimensions

Purpose & Capability
ok
Name/description ask for CUPS printing. Required binaries (python3, lp, lpstat, lpoptions) and dependency (Pillow) are exactly what a CUPS-aware printing tool needs. The pyproject dependency and script are proportional to the task.
Instruction Scope
ok
SKILL.md tells the agent to run the included script which lists printers, queries PPDs, converts images to PDFs and invokes lp to submit jobs. The script's filesystem and command usage are limited to paths and tools relevant to printing (PPD files, workspace/tmp, and lp).
Install Mechanism
ok
No install spec — instruction-only with a bundled script. No downloads or archive extraction. This minimizes install-time risk.
Credentials
note
No credentials requested. The script honors an optional OPENCLAW_WORKSPACE env var to allow printing only from workspace paths; this is reasonable but means the agent will trust that environment variable when allowing files. No other env vars are accessed.
Persistence & Privilege
ok
always is false and the skill does not request system-wide changes or other skills' credentials. The script writes temporary PDF files when converting images (uses tempfile with delete=False), which is normal for this functionality.