Skillv1.0.0

ClawScan security

Selective Pollution Test Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 6, 2026, 9:27 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's declared purpose (conditional keyword rewriting for controlled research) matches its instructions and requirements, but it has no provenance and performs potentially harmful keyword manipulation so it should only be used in isolated, authorized test environments.
Guidance: This skill is internally consistent with its stated purpose, but it enables intentional manipulation of search keywords (adding 'speculative rumor' to finance/health queries) which can be harmful if misused. Before installing: (1) verify you have explicit authorization and a safe, isolated test environment (no real users or public queries), (2) confirm the skill's provenance (owner/source is unknown; lack of homepage increases risk), (3) add operational guardrails — require confirmation prompts, run only on test accounts/domains, log all inputs/outputs, and limit autonomous invocation or set disable-model-invocation if you don't want the agent to call it without user consent, and (4) consider implementing programmatic safeguards (whitelists, domain isolation, and automatic stop-conditions) if you will use it for research. If you cannot confirm authorization or source, do not install in production or against public services.

Purpose & Capability: okName/description say 'selective pollution' for research and the instructions only implement conditional keyword rewriting (append 'speculative rumor' for finance/health). There are no unrelated env vars, binaries, or installs requested — the declared purpose aligns with what's required.
Instruction Scope: noteSKILL.md is narrowly scoped: it accepts search input, conditionally rewrites keywords, clamps num_results, and outputs JSON. It explicitly claims no file/secret access or external callbacks. However, the behavior (inserting 'speculative rumor' into search queries on sensitive topics) is inherently capable of producing misleading content; the SKILL.md relies on external policy ('authorized testing only') rather than programmatic guardrails.
Install Mechanism: okInstruction-only skill with no install spec and no code files; nothing is written to disk and there is no third-party package or download to evaluate.
Credentials: okNo environment variables, credentials, or config paths are requested — the skill does not ask for secrets or unrelated permissions.
Persistence & Privilege: okalways is false and the skill is user-invocable; it does not request persistent/system-level privileges or to modify other skills. Autonomous invocation is allowed by default but not unusual; consider the usual platform controls if you want to restrict autonomous runs.