Skill v1.0.1

ClawScan security

Output Forge · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Mar 10, 2026, 2:14 PM)
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and requirements are internally consistent with its stated purpose (local formatting and cleanup of AI text); it requests no credentials or network access and does not perform unexpected actions.
Guidance
This skill appears to be what it says: a local formatter/cleanup tool. Things to consider before installing or running:

- No credentials or network access are requested, and processing is local — good for privacy.
- The tool intentionally does not sanitize HTML/LaTeX output. Do NOT paste generated HTML into admin panels or production pages without review, especially if input came from untrusted sources.
- The cleanup engine uses regex patterns and user-editable rules (config). Custom or aggressive regexes can remove legitimate content or produce unexpected edits; review and test on sample files first.
- Batch mode will process every .txt file in a directory; use a safe test directory first to confirm behavior.
- If you need sanitization, publishing automation, or image uploads, those are explicitly out of scope; consider adding a sanitization step or a separate uploader.

Overall: coherent and low-risk for local use; review outputs before publishing and be cautious with untrusted inputs or custom regex rules.

Review Dimensions

Purpose & Capability
ok: Name/description match the code and SKILL.md: scripts load config_example.json, perform AI-ism cleanup, apply templates, split threads, support batch processing and write local files. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
note: SKILL.md and the Python code stick to reading text input (file or stdin), applying regex-based cleanup, templating, and writing outputs. Important caveats are documented: processing is local and there is no sanitization for HTML output, so feeding untrusted input may result in generated HTML/LaTeX that contains active/script content. Batch mode processes all .txt files in a directory, which is expected but worth noting.
Install Mechanism
ok: No install spec, no external downloads, and the project claims only standard-library Python 3.7+. Files are pure Python source shipped in the skill, so install risk is low.
Credentials
ok: No required environment variables, no credentials, and only local config files (config.json/config_example.json) are read. The config may include user-supplied regex rules, which is expected for customization but means malicious/overbroad patterns in config could alter outputs.
Persistence & Privilege
ok: Skill is not always-enabled, does not modify other skills or system-wide settings, and only writes output files the user requests. Autonomous invocation is allowed by default (normal for skills) but does not increase risk here given the local-only behavior.