v4.1.1

Doc Process

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 6:28 AM.

Analysis

The skill is mostly purpose-aligned for document processing, but it tells the agent to run a setup script automatically without prompting, including package and system-binary installation.

Guidance

Review this skill before installing. Its document-processing features match the stated purpose, but do not let it run setup automatically unless you are comfortable installing the listed Python packages and possible system binaries. If you use the timeline feature, remember it creates a local history file and may expose sensitive filenames.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
If any are missing, run the setup script automatically — no prompting needed:

bash skills/doc-process/setup.sh

This explicitly instructs the agent to execute a local setup script automatically instead of asking the user before running code.

User impact: The skill may run a shell script on first use without an explicit approval step, which can change the local environment before the user reviews the action.

Recommendation: Before installing, review setup.sh and require the agent to ask for confirmation before running any setup command.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
This installs all Python packages (`pymupdf`, `Pillow`, `pytesseract`, `opencv-python-headless`, `numpy`, `img2pdf`, `pdfplumber`, `openai-whisper`) and attempts to install system binaries (`tesseract`, `ffmpeg`) via `brew` or `apt` depending on the platform.

The setup process pulls multiple third-party packages and may invoke system package managers, which is broader than a simple instruction-only skill and should be explicitly approved.

User impact: The skill can install or update software from package ecosystems and system package managers, creating supply-chain and local-environment risk.

Recommendation: Install dependencies manually or with user confirmation, prefer pinned versions, and avoid automatic brew/apt operations unless the user specifically approves them.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
references/document-timeline.md
Once enabled for a session, the log records document type, filename, and a PII-free one-line summary to `~/.doc-process-timeline.json`.

The skill includes persistent local history of processed documents. The reference says it is opt-in and PII-minimized, but it can still reveal filenames and document-processing history.

User impact: If enabled, a local file may retain a history of documents you processed, including filenames that could themselves contain sensitive information.

Recommendation: Enable timeline logging only if you want a persistent local history, avoid sensitive filenames, and use the provided delete or clear options when needed.