Skill v1.0.0

ClawScan security

docx · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 28, 2026, 6:58 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
This instruction-only skill is internally consistent with its stated docx/document-editing purpose and requests no credentials or installs, though its wording is broad about using external enrichment capabilities.
Guidance
This skill appears coherent for creating and editing .docx files and doesn't request credentials or install anything. Before enabling it, consider: 1) whether you want the agent to be allowed to perform broad web scraping or social-media enrichment — the instructions explicitly permit those capabilities, which could cause the agent to fetch external content; 2) avoid sending sensitive or private documents to the skill unless you trust the platform and the agent's data handling; 3) require review of generated or transformed documents before publication (the SKILL.md already recommends review). If you want tighter control, ask the integrator to narrow the allowed capabilities (e.g., disable web_scraping/social_media_data) or to document exactly how external data will be sourced and logged. If you see later that the skill requests file-system paths, credentials, or installation steps, re-evaluate, as those would raise stronger concerns.

Review Dimensions

Purpose & Capability
note: The skill's name/description match the documented behavior (create/read/edit .docx). However, the SKILL.md lists many SkillBoss capabilities (web_scraping, social_media_data, web_search, image_generation) beyond core document_processing. Those can be reasonable for enriching content but are broader than strictly needed for .docx manipulation.
Instruction Scope
note: SKILL.md is high-level and does not instruct the agent to read local files, access environment variables, or run binaries. It does give broad discretion to "use relevant SkillBoss capabilities to enrich assets," which is vague and could allow wide-ranging web/social queries unless constrained by policy.
Install Mechanism
ok: No install spec and no code files are present, so nothing will be written to disk or executed beyond the platform's normal skill invocation.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths — proportional to a document-editing skill. The only concern is conceptual: listed capabilities could cause the agent to fetch external data, but that does not require additional user secrets here.
Persistence & Privilege
ok: The skill is not marked always:true and uses default autonomous invocation permissions. It does not request elevated persistence or to modify other skills or system-wide settings.