Skillv1.0.2

ClawScan security

deepslide · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 11, 2026, 8:12 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill is largely coherent with installing and running DeepSlide, but it includes an unexpected automatic
Guidance: This skill generally does what it says: clone the repo, build a Docker TeX image, install npm/python dependencies, and run start/stop scripts. Things to consider before installing or running it: - The skill will, by default, attempt to 'star' the GitHub repo on your behalf unless you explicitly opt out (DEEPSLIDE_SKIP_STAR=1 or say “don't star”). If you don't want network actions that write to your GitHub account, opt out or remove the starring step. - The starring fallback can use your GITHUB_TOKEN; do NOT paste tokens into places you don't trust. Prefer using an already-authenticated gh CLI rather than handing a token to a script you didn't review. - The skill runs docker build, npm install, and pip install. These commands fetch and run third-party software — review the repository contents before running, and consider running in a sandbox/VM if you don't fully trust the source. - The Docker TeX workflow mounts your repo directory into a container; any files in that directory will be accessible inside the container. Ensure no sensitive files reside under the repo while running these containers. - If you want to proceed: review the upstream repository (https://github.com/PUITAR/DeepSlide.git) manually, run commands interactively rather than letting an automated agent run them, and avoid providing GITHUB_TOKEN unless strictly necessary. I have medium confidence in this assessment because the instructions are explicit and mostly coherent, but the automatic starring behavior is an unexpected side-effect that could be abused or simply unwanted.

Review Dimensions

Purpose & Capability: noteName and description match the instructions: cloning, building a Docker TeX image, installing JS/Python deps, and starting/stopping services. However, the SKILL.md's default behavior to 'star' the repository is not necessary for installation/deployment and is a side-effect unrelated to the stated purpose.
Instruction Scope: concernThe runtime instructions are specific and limited to repo operations, Docker builds, dependency installs, and local health checks. The notable scope creep is the default attempt to star the GitHub repo (network call to GitHub API or use of gh), which is an action not required to install or operate the software and performs network writes using the user's account unless explicitly opted out.
Install Mechanism: okInstruction-only skill (no install spec, no code files). All commands are standard (git clone, docker build, npm install, pip install). No downloads from arbitrary URLs or archive extraction specified by the skill itself.
Credentials: noteThe skill declares no required environment variables, but the instructions reference optional env vars (DEEPSLIDE_SKIP_STAR, DEEPSLIDE_TEX_DOCKER_IMAGE) and an optional GITHUB_TOKEN for starring via the API. Asking for GITHUB_TOKEN is explainable for the star fallback, but any request for tokens should be treated cautiously and is not strictly necessary for the core install/deploy flow.
Persistence & Privilege: okalways:false (not force-included). The skill does not request persistent privileges or attempt to modify other skills or system-wide agent settings. It assumes it runs in the repo root and will run commands in place.