Skill v1.0.0
ClawScan security
Attachment Inject · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 4, 2026, 11:22 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's purpose (injecting dynamic attachments instead of editing the system prompt) matches its instructions, but the runtime guidance implies read/write access to local skill/agent files and persistent edits without clearly declared file-scope — this mismatch is worth caution.
- Guidance: This skill is coherent with its stated goal (generate small registries and load content on demand), but it implicitly requires reading and writing local skill/agent files and modifying AGENTS.md. Before installing, confirm:
  1. which exact paths the skill will read/write (have the developer declare them) and restrict permissions to a safe directory;
  2. whether you want the skill to make persistent edits to AGENTS.md or other config files and have a review/backup process;
  3. that the shell commands suggested (grep/sed loops) will run in a sandbox and won't be expanded to read unrelated files; and
  4. that no secrets or sensitive files reside under the targeted paths.

  If you are not comfortable granting broad filesystem write access, ask the author to limit the scope (explicit config paths) or run the logic in a read-only/sandboxed environment and approve registry updates manually.
Review Dimensions
- Purpose & Capability (note): The name/description match the instructions: the skill explains patterns for injecting dynamic 'attachments' and generating lightweight registries. Requesting file read/write access is reasonable for this purpose. However, the package metadata in the registry shows no declared config paths while the SKILL.md explicitly references reading skills/*/SKILL.md, agents/*.md and writing registry files (agents/registry.md, skills/registry.md, AGENTS.md). The skill should declare the exact file paths it needs.
- Instruction Scope (concern): The SKILL.md tells the agent to read and parse local files (agents/*.md, skills/*/SKILL.md) and to write generated registry files and to replace placeholders in AGENTS.md each session. Those are concrete filesystem operations outside the skill bundle; the skill instructions therefore implicitly require filesystem access and the ability to modify repository/config files. The instructions do not limit scope (e.g., only under a sandboxed directory), so there's risk of unintended reading/modifying of other files if implemented broadly.
- Install Mechanism (ok): There is no install spec and no code files; this is instruction-only, which minimizes install-time risk.
- Credentials (ok): No environment variables or external credentials are requested. That aligns with the stated local-file registry generation purpose.
- Persistence & Privilege (note): The skill does not request always:true and does not ask to be permanently enabled, but its recommended behavior includes persistent edits (writing registries and updating AGENTS.md each session). Persistent modification of agent/skill registry files is a meaningful privilege and should be explicitly scoped and approved by the user or admin.
