Skill v0.1.0
ClawScan security
Pandoc Convert · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:25 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's description and runtime instructions describe a multi-file pandoc toolkit (Python + bash scripts, templates, INSTALL.md, etc.) but the package contains only SKILL.md and the registry metadata omits required binaries — the pieces don't line up.
- Guidance
- Do not install or enable this skill yet. Ask the publisher for the source repository or a complete package so you can inspect the scripts and templates SKILL.md references. Verify that pandoc and Python are actually required and that scripts exist under scripts/. If you plan to let an agent run commands, ensure the repository is trustworthy and that required binaries (pandoc, Python, LaTeX, etc.) are explicitly declared. If the skill will fetch code at runtime, request an explicit and auditable install mechanism (official release URL or package) and review it before allowing execution. Because the current bundle only contains documentation that describes missing files, treat it as incomplete/untrustworthy until those inconsistencies are resolved.
- Findings
[NO_CODE_FILES_PRESENT] unexpected: The regex-based scanner found no code files to analyze. That is inconsistent with SKILL.md, which describes scripts/convert.py, batch_convert.sh, validate.sh, templates/, INSTALL.md, and many docs. For a skill that instructs running local scripts, the absence of those files is unexpected and reduces trust.
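The Guidance above asks the reviewer to confirm that the files SKILL.md tells the agent to run actually exist in the bundle and that the binaries it lists as prerequisites are declared in the registry metadata. The following Python script is an added example of that cross-check; it is not part of ClawScan, ClawHub, or the Pandoc Convert skill. The SKILL.md text, the package manifest, and the declared-binaries list are all constructed here to mirror the inconsistencies the scan describes (scripts, templates, and INSTALL.md referenced but only SKILL.md shipped; pandoc, Python, LaTeX, and wkhtmltopdf listed but nothing declared), and the path regex and the "Prerequisites" heading convention are assumptions about how such a SKILL.md is written.

```python
import re
import shutil

# Constructed sample SKILL.md, modelled on what the scan above describes:
# it lists binary prerequisites and tells the agent to run bundled scripts.
SKILL_MD = """\
# Pandoc Convert

## Prerequisites
- pandoc 3.x
- Python 3.8+
- LaTeX (for PDF output)
- wkhtmltopdf (optional)

## Usage
Run `python scripts/convert.py input.md output.pdf` for a single file.
Use `./scripts/batch_convert.sh` for a directory and `./scripts/validate.sh`
to check the output. Templates live in `templates/`, reference notes in
`references/`, and setup steps are in INSTALL.md.
"""

# Constructed package manifest (what the bundle actually ships) and
# constructed registry metadata (binaries the publisher declared).
SHIPPED_FILES = ["SKILL.md"]
DECLARED_BINARIES: list[str] = []

# Assumed path shape: a repo-relative path with a directory component
# (scripts/x.py, templates/) or an upper-case doc name such as INSTALL.md.
# Command arguments like input.md deliberately do not match.
PATH_RE = re.compile(r"(?<![\w.])((?:\./)?(?:[\w.-]+/)+[\w.-]*|[A-Z][A-Z_-]*\.md)")


def referenced_paths(skill_md: str) -> list[str]:
    """Paths SKILL.md tells the agent to run or read, normalised and de-duplicated."""
    found = {m.group(1).removeprefix("./") for m in PATH_RE.finditer(skill_md)}
    return sorted(found)


def missing_paths(referenced: list[str], shipped: list[str]) -> list[str]:
    """Referenced paths the manifest does not contain.

    A reference ending in '/' is a directory and counts as present if any
    shipped file lives under it.
    """
    shipped = [p.removeprefix("./") for p in shipped]
    missing = []
    for ref in referenced:
        if ref.endswith("/"):
            present = any(p.startswith(ref) for p in shipped)
        else:
            present = ref in shipped
        if not present:
            missing.append(ref)
    return missing


def prerequisite_binaries(skill_md: str) -> list[str]:
    """First token of each bullet under the 'Prerequisites' heading, lower-cased."""
    bins, in_section = [], False
    for line in skill_md.splitlines():
        if line.startswith("## "):
            in_section = line[3:].strip().lower().startswith("prerequisites")
        elif in_section and line.startswith("- "):
            bins.append(line[2:].split()[0].lower())
    return bins


def undeclared_binaries(prereqs: list[str], declared: list[str]) -> list[str]:
    """Prerequisites SKILL.md names that the registry metadata does not declare."""
    declared_lc = {d.lower() for d in declared}
    return [b for b in prereqs if b not in declared_lc]


def audit(skill_md: str, shipped: list[str], declared: list[str]) -> dict:
    """Cross-check SKILL.md against the package manifest and registry metadata."""
    refs = referenced_paths(skill_md)
    prereqs = prerequisite_binaries(skill_md)
    missing = missing_paths(refs, shipped)
    undeclared = undeclared_binaries(prereqs, declared)
    return {
        "referenced": refs,
        "missing_from_bundle": missing,
        "prerequisites": prereqs,
        "undeclared_binaries": undeclared,
        # Informational only: which prerequisites this host can resolve on PATH.
        "absent_on_host": [b for b in prereqs if shutil.which(b) is None],
        "verdict": "suspicious" if (missing or undeclared) else "ok",
    }


if __name__ == "__main__":
    for key, value in audit(SKILL_MD, SHIPPED_FILES, DECLARED_BINARIES).items():
        print(f"{key}: {value}")
```

Run against the constructed inputs, every referenced path is missing and every prerequisite is undeclared, which is the situation the finding describes. Feeding the same SKILL.md a complete manifest and a matching declared-binaries list yields an empty missing list and an "ok" verdict, so the check distinguishes an honest instruction-only skill from one whose documentation points at files that were never shipped.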
Review Dimensions
- Purpose & Capability
- note: The stated purpose (document conversion using pandoc and optional Python helpers) is reasonable and coherent for a 'Pandoc Convert' skill. However, the skill metadata declares no required binaries while SKILL.md explicitly lists prerequisites (pandoc, Python 3.8+, LaTeX, wkhtmltopdf, etc.). SKILL.md also claims many repository files (scripts/, templates/, INSTALL.md) that are not present in the package manifest. This mismatch weakens trust in the package's claims.
- Instruction Scope
- concern: The runtime instructions tell the agent to run local scripts (python scripts/convert.py, ./scripts/batch_convert.sh, ./scripts/validate.sh) and to consult local docs/templates (INSTALL.md, templates/, references/). Since the skill bundle contains only SKILL.md and no scripts or templates, following these instructions would either fail or cause the agent to attempt to fetch/execute missing resources. The instructions do not ask for unrelated credentials or system-wide access, but they assume local files that aren't present.
- Install Mechanism
- note: There is no install spec (instruction-only skill), which is low-risk in that nothing is written to disk by an installer. However, SKILL.md references an INSTALL.md and many scripts that imply an installation step; their absence is an inconsistency. Because there is no declared install or source repository, it's unclear how the referenced scripts/templates are meant to be provided.
- Credentials
- ok: The skill does not request environment variables, credentials, or config paths in the registry metadata. SKILL.md likewise does not instruct the agent to read secrets or unrelated environment variables. This is proportionate to the described functionality (local document conversion).
- Persistence & Privilege
- ok: The skill does not request always:true and uses default autonomy settings. It does not request system-wide config changes in the provided instructions. There is no evidence of privileged persistence.
