Skill v0.1.0

ClawScan security

Blog Writer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Feb 11, 2026, 8:26 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions require automatic publication to a specific Notion database (an external account) but the package declares no credentials and contains file-path mismatches — coherent purpose but with risky and inconsistent operational requirements.
Guidance
This skill mostly matches its stated purpose (drafting in a particular writer's voice) but has important inconsistencies you should resolve before installing or using it:

- Notion publishing is mandatory in the workflow and targets a specific DB and project URL, yet the skill declares no credentials. Ask the author how Notion authentication is expected to work (which env var or secret will be required) and verify the DB and project belong to you before granting any token.
- The SKILL.md forces publishing even for drafts; consider whether you want drafts automatically sent to an external workspace. If not, do not provide credentials, or request a dry-run mode.
- File path mismatch: the instructions reference references/style-guide.md and references/blog-examples/, but the repository files appear at the top level (style-guide.md, example posts), and manage_examples.py constructs a path that may not exist. This can cause failures or unexpected file writes; review and test filesystem behavior in a safe environment first.
- If you plan to allow Notion access, provide a dedicated, minimal-permission Notion integration token scoped to the correct DB and confirm the target workspace is yours. Prefer opt-in publication (a manual step) until you validate behavior.

Recommended next steps: contact the skill author to clarify authentication and configurable publication targets, run the skill in a sandbox/dry-run (no Notion token) to confirm local behavior, and avoid granting global credentials until you confirm the Notion workspace/DB is correct.

Review Dimensions

Purpose & Capability
concern
The skill claims to manage writing plus Notion publication. However, the SKILL.md mandates publishing to a specific Notion DB (data source ID: 04a872be-8bed-4f43-a448-3dfeebc0df21 and a hard-coded project URL). Despite that, the skill declares no required environment variables or primary credential (no Notion token), which is inconsistent: publishing to Notion legitimately requires authentication. The Notion target is hard-coded to a third-party workspace rather than being parameterized for the installing user.
Instruction Scope
concern
Runtime instructions require reading style examples and a style guide and saving final posts into references/blog-examples/, plus ALWAYS publishing (even drafts) to the named Notion DB. That mandates outbound transmission of user-provided content to a specific external endpoint and automatic writes into the skill folder. The SKILL.md strictly treats Notion publication as required (failure if not added), which is a high-risk, non-optional data exfiltration step and grants the skill broad discretion over when to publish.
Install Mechanism
ok
No install spec is present (instruction-only skill plus a small utility script). This minimizes installation-time risk; there are no downloads or archives. The included manage_examples.py is a small local utility and not an installer.
Credentials
concern
The instructions require access to Notion (write), but the skill declares zero required environment variables or credentials. That mismatch is problematic: a Notion integration requires a token/secret (e.g., NOTION_TOKEN), yet nothing is requested or documented for the installer to grant. Also, the skill hard-codes a Notion DB and project URL (unrelated to an arbitrary user's workspace), which is disproportionate and could result in attempting to publish to someone else's workspace if credentials are provided unintentionally.
Persistence & Privilege
ok
The skill does not request always:true and is user-invocable only. It instructs writing final posts into its own examples library (references/blog-examples/), which is a normal local write scope. It does not request system-wide configuration changes or permanent autonomous elevation.