Skillv1.0.0

ClawScan security

文档转HTML图片语义命名技能 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 21, 2026, 8:17 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's instructions, scope, and requirements are coherent with its stated purpose of renaming exported document images and updating HTML references; it is instruction-only, requests no credentials or installs, and only needs access to the document, HTML, and image files it is meant to operate on.
Guidance: This skill is coherent for renaming exported document images and updating HTML, but you should: (1) ensure the agent is only given access to the specific document/HTML/image folders it must operate on (least privilege); (2) keep backups of original exported images and the original HTML before running bulk renames; (3) verify mapping output and that all img src links still resolve; (4) be aware the instructions assume some way to inspect image content (either the agent's vision capability or an external tool)—confirm what the runtime will actually use for image analysis; (5) if you need offline processing or must avoid sending images to external services, verify the runtime will not transmit files externally. If the skill later requests network access, installs, or credentials, re-evaluate because that would change this assessment.

Purpose & Capability: okThe name and description match the SKILL.md content: the skill explains how to map exported images (image1, media/image3, etc.) to semantic filenames using document context and image content and to update HTML and mapping lists. No unrelated credentials, binaries, or installs are requested.
Instruction Scope: noteThe instructions require reading document-derived HTML, the surrounding text (titles/paragraphs), and the image files, then renaming images and updating HTML and a mapping file. This is within the task but implies read/write access to the user's document and image files and (optionally) an image-recognition capability. The SKILL.md does not specify how to extract images from PDFs or perform image content recognition—those operational details are left to the agent/environment.
Install Mechanism: okInstruction-only skill with no install spec and no code files; nothing is written to disk by an installer and no external packages are pulled in by the skill itself.
Credentials: okNo environment variables, credentials, or config paths are requested. The only needed access is to the user's document/HTML and image files, which is proportionate to the described purpose.
Persistence & Privilege: okalways is false and there is no install or persistent agent modification described. The skill does not request permanent platform presence or modify other skills or global settings.