Chief Editor Desicion
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is mainly a report-writing workflow, but it tells the agent to make attachment-derived citations look like directly visited sources, which can mislead users.
Before installing, be aware that this skill may read all provided attachments, scrape selected URLs found in them, and write/submit a detailed report. The main issue is transparency: the instructions push the agent to make citations look directly sourced, so review the output carefully and verify important references before relying on it.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may trust the report as fully verified from primary sources even when some citations or facts may only come from attachment-derived material or may not have been directly checked.
The skill asks for a large number of direct-looking citations while limiting actual URL scraping to up to five URLs, and explicitly tells the agent to make the report appear as if original URLs were directly visited rather than sourced through attachments.
"select up to five URLs" ... "Cite no fewer than 50 references" ... "The final report should look as if you directly visited the original URLs in these attachments"
Require transparent provenance: cite only sources actually read, allow the agent to say when there are not enough references, and do not instruct the agent to hide that attachments or research logs were used.
If documents contain untrusted or sensitive URLs, the agent may contact those sites as part of the workflow.
The skill directs the agent to make external URL-scraping calls based on URLs discovered inside provided documents, without stating trust, domain, or user-confirmation limits.
"Identify all URLs contained within that text" ... "select up to five URLs" ... "use the `url_scraping` tool" ... "mandatory if any relevant URLs are found"
Ask for user confirmation before scraping URLs, avoid private/internal URLs, and limit scraping to trusted sources relevant to the task.
Information from supplied documents may be copied into a generated wiki/report artifact and submitted, which could matter if the source material is confidential.
The workflow persists and submits a generated report that may contain detailed information derived from user-provided attachments.
"Call the `create_wiki_document` tool to write the decision narrative report" and "Call the `submit_result` tool to submit the decision narrative report"
Use the skill only with documents suitable for inclusion in the final report, and review the generated report before sharing it further.