Skillv0.0.0

ClawScan security

O · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

SuspiciousApr 12, 2026, 3:50 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill contains large blocks of encoded data but provides no runtime instructions or explanation — it's unclear how the agent is expected to decode or what tools it may use, which is incoherent and grants broad discretion.
Guidance: This skill provides a large encoded payload but no instructions about how to decode it. That makes its behavior ambiguous: an agent might reasonably try network services, external binaries, or ad-hoc heuristics to decode the text. Because the manifest requests no credentials and has no installer, direct risk is limited, but the lack of explicit instructions is the real issue. Before installing or running this skill: (1) ask the author for a clear SKILL.md that states allowed decoding methods and required tools, (2) prefer using it in a restricted/sandboxed agent (no network or sensitive credentials), and (3) if you need the encoded content decoded, consider decoding it offline yourself or provide a safe, auditable decoding routine rather than an opaque skill. If you cannot get clarification, treat the skill as untrusted and avoid enabling autonomous agent invocation against sensitive data.
Findings: [no_code_files_or_rules_matched] expected: The static scanner found no code to analyze because this is an instruction-only skill (SKILL.md only). That is expected for data-only/encoding tasks, but it also means there is no programmatic guidance for safe decoding.

Purpose & Capability: noteName/description (decode mysterious encoded text) matches the presence of large encoded blocks in SKILL.md, but the skill does not include any decoding instructions, examples, or declared tools — so the declared purpose is plausible but under-specified.
Instruction Scope: concernSKILL.md is mainly encoded payload/data rather than actionable runtime instructions. There are no explicit steps telling the agent which decoding methods to use, whether network/CLI tools are permitted, or how to handle outputs. This vagueness grants the agent broad discretion (which could cause it to call external tools, read environment, or run arbitrary transforms) and is a scope/instruction mismatch.
Install Mechanism: okNo install spec and no code files are present; this is instruction-only so nothing is written to disk by an installer. That minimizes install-time risk.
Credentials: okThe skill requests no environment variables, binaries, or config paths. There are no obvious credential/exfiltration demands in the manifest.
Persistence & Privilege: okDefault privileges (always:false, agent-invocable) and no persistent modifications are requested. The skill does not ask to become always-enabled or modify other skills.