Skill v1.0.0
ClawScan security
kids learning English Vocabulary · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 1, 2026, 1:47 AM
- Verdict: Benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requested operations (story generation, lesson planning, PNG card and scene image creation, scheduling) line up with its description; it is an instruction-only skill that reads local fonts and writes image files but does not request credentials or unusual system privileges.
- Guidance: This skill appears coherent for generating lesson plans and image-based teaching cards, but double-check a few operational details before installing/using it:
  1. The SKILL.md instructs a runtime pip install (pillow, matplotlib). Installing Python packages at runtime can change the environment or require elevated privileges; avoid running pip with flags that break system packages unless you control the environment (use virtualenv or container).
  2. The code expects font files at /mnt/skills/... and /usr/share/fonts/... — confirm those font files exist or provide safe alternatives; otherwise image generation will fail.
  3. Generated files are written to disk (PNG output); ensure the agent has appropriate write permissions and that filenames are sanitized to avoid accidental overwrites.
  4. There are no credential or network calls declared. If later versions add external upload, reminders delivery, or analytics endpoints, reassess (that would materially change risk).

  If you want higher assurance, request the full, untruncated SKILL.md (confirm the pip command flag) and test the image-generation code in an isolated environment first.
Review Dimensions
- Purpose & Capability (ok): The name/description (vocabulary lessons, story-based memorization, image cards, tests, spaced-repetition reminders) matches the SKILL.md content: it shows how to analyse words, build lesson plans, generate stories, create PNG teaching cards and scene images, and produce test items. No unrelated capabilities (cloud admin, email delivery, etc.) are requested.
- Instruction Scope (note): Instructions stay within the stated domain (generate stories, images, schedules, quizzes). They reference local font files (/mnt/skills/... and /usr/share/fonts/...) and instruct the agent to pip-install Pillow and Matplotlib at runtime. The pip install step (the file shows a truncated flag like --break-syst...) and the reliance on absolute system font paths are operational concerns (may fail or modify environment) but not evidence of malicious scope creep. The SKILL.md does not ask to read unrelated secrets or send data to external endpoints.
- Install Mechanism (note): This is instruction-only (no install spec), which is lower risk. However, the runtime instructions include pip install pillow matplotlib. Because package installation happens at runtime and one truncated flag suggests using a system-breaking pip option, users should be aware this can alter the Python environment; there is no declared install step (so installs are ad-hoc at runtime).
- Credentials (ok): The skill requires no environment variables, credentials, or external tokens. The only environment accesses are filesystem reads of fonts and writes of generated PNG files, which are proportional to image-generation and presentation tasks.
- Persistence & Privilege (ok): always:false and default model-invocation behavior are appropriate. The skill does not request persistent system-wide changes, nor does it require modifying other skills or system configuration.
