Skillv0.1.0

ClawScan security

KMind Markdown To Mind Map · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 29, 2026, 2:12 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's files and runtime instructions are generally consistent with a local Markdown→KMind renderer, but embedded vendor bundles and detected prompt-injection patterns in SKILL.md merit caution and further review before installing.
Guidance: This skill appears to be what it claims (a local Markdown → KMind renderer) and only needs node and a local browser, but exercise caution before installing: 1) Inspect the bundled vendor files (scripts/vendor/*) for any network activity (search for fetch, XMLHttpRequest, ws, net, http, https, WebSocket) or eval/new Function/dynamic-code patterns. 2) Decode or remove any base64 or invisible unicode-control characters found in SKILL.md — they can hide instructions or data. 3) Run the skill in a sandboxed environment (or with network blocked) the first time to confirm it truly runs offline and does not phone home. 4) Do not feed sensitive secrets or private data via stdin until you confirm there is no unexpected transmission or logging. If you are not able to audit the bundled JS yourself, consider asking the publisher for a provenance statement or source repository before enabling the skill.
Findings: [base64-block] unexpected: A base64 block pattern was detected in SKILL.md. There is no clear legitimate reason for embedded base64 in the runtime instructions; it may be an attempt to hide payload or metadata. Inspect SKILL.md and bundled files to locate and decode any embedded blocks before trusting the skill. [unicode-control-chars] unexpected: Unicode control characters were detected in SKILL.md. These can be used to invisibly alter text or to attempt prompt-injection. The presence of these characters in the instruction text is unexpected for a formatter/renderer and should be reviewed.

Review Dimensions

Purpose & Capability: okName/description (Markdown → KMind mind maps) matches the included entrypoint (scripts/kmind-render.mjs) and large bundled renderer code. Requiring node and browser.enabled is coherent because the tool auto-launches a local Chromium instance to perform rendering.
Instruction Scope: noteSKILL.md keeps runtime instructions focused on invoking the bundled CLI from the skill baseDir and on export options. It instructs auto-launching a local Chromium in headless mode and fallback to manual browser open when needed. It does not request unrelated system files or environment variables. However, the SKILL.md contains injection-detection signals (base64-block, unicode-control-chars) which could indicate an attempt to smuggle instructions or data; that should be inspected.
Install Mechanism: okNo remote install spec — code is bundled with the skill and executed locally with node. This avoids runtime downloads. The large vendor bundles are included directly rather than pulled from arbitrary URLs, which reduces supply-chain download risk. Still, bundled JavaScript should be audited for network calls or dynamic code execution.
Credentials: okThe skill requests no environment variables and declares browser.enabled as a required config path, which is proportional to a renderer that needs a local browser. It does not ask for credentials or other unrelated secrets.
Persistence & Privilege: okalways is false and model invocation is allowed (default). The skill does not request system-wide privileges or modifications to other skills. The agent will only run the bundled node script when invoked.