Skill v1.0.0
ClawScan security
jupyter-notebook-manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 16, 2026, 4:01 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, documentation, and runtime instructions are consistent with a Jupyter notebook manager; it asks for no unrelated credentials or installs, but executing notebooks inherently runs arbitrary user code so treat inputs as untrusted.
- Guidance
- This skill appears to do what it says — create, run, and analyze notebooks. Important cautions before use: (1) Executing a notebook runs any code inside it; only run trusted notebooks or run in an isolated/sandboxed environment. (2) The parameter injection simply inserts assignment lines into a code cell and may be fragile if parameter values contain quotes or malicious code; treat untrusted parameter values as untrusted code. (3) The executor calls the system 'jupyter nbconvert' command — ensure that dependency is installed and that you understand that long-running or resource-heavy notebooks may consume CPU/memory. If you plan to use this skill in production or with user-provided notebooks, run it inside a container or restricted environment and review notebooks before execution.
Review Dimensions
- Purpose & Capability
- ok: Name/description (create, execute, debug, analyze notebooks) align with included scripts (notebook_creator.py, notebook_executor.py), README, requirements.txt and tests. Required tools (jupyter/nbconvert/papermill) appear in requirements and SKILL.md, so requested capabilities are proportional.
- Instruction Scope
- note: SKILL.md instructs the agent to operate on .ipynb files in the working directory and on user-uploaded notebooks — exactly what a notebook manager should do. However, the executor will run notebook code (via jupyter nbconvert) and inject parameters by inserting a code cell; executing arbitrary notebooks (or malicious parameter values) will run arbitrary Python code. This is expected for execution functionality but is a security consideration rather than an incoherence.
- Install Mechanism
- ok: No install spec provided (instruction-only skill with bundled scripts). Dependencies are listed in requirements.txt and are appropriate for the stated features. Nothing is downloaded from unknown remote URLs or using an extract step.
- Credentials
- ok: Skill does not request secrets, credentials, or config paths. README lists optional environment vars (JUPYTER_KERNEL, NOTEBOOK_TIMEOUT, MPLBACKEND) which are reasonable and proportional to the purpose.
- Persistence & Privilege
- ok: Skill is not always-enabled and does not request elevated platform privileges. It does write output notebooks to disk (expected) but does not modify other skills or system-wide configs.
