ClawHub
Back to skill
v1.0.0

Anchor Sheet

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:41 AM.

Analysis

Anchor Sheet appears to be a local, purpose-aligned helper for extracting citation-backed facts, with no evidence of hidden network use, credential access, or destructive behavior.

GuidanceThis skill looks reasonable for local evidence-based writing workflows. Before installing, note that it runs Python over your workspace files and writes a persistent anchor sheet that later writers may treat as authoritative. Use the default scoped paths when possible and review the generated anchors before relying on them.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
`python scripts/run.py --workspace workspaces/<ws>` ... `--inputs <semicolon-separated>` ... `--outputs <semicolon-separated>`

The skill is intended to run a local Python helper and allows custom input/output paths. This is coherent with the task, but users should avoid pointing it at unintended files or locations.

User impactIf invoked with unusual paths, the helper may read or overwrite files outside the expected anchor-sheet workflow.
RecommendationUse the default paths when possible, and keep any custom --inputs or --outputs within the intended workspace.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceMediumStatusNote
metadata
Source: unknown; Homepage: none; Code file presence: 8 code file(s)

The package has no declared upstream source or homepage and includes bundled helper/tooling code. There is no evidence of malicious behavior, but provenance is limited.

User impactA cautious user has less upstream context for where the bundled code came from.
RecommendationReview the included Python files if provenance matters for your environment, especially before using the helper on important workspaces.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
Outputs: `outline/anchor_sheet.jsonl` ... `Treat them as **must-use hooks**, not optional ideas.`

The generated anchor sheet is persistent local context that downstream writing agents are expected to use. This is the skill’s purpose, but inaccurate or low-quality anchors could steer later drafting.

User impactBad or stale evidence in the anchor sheet could be carried into later writing as if it were authoritative.
RecommendationReview the generated anchor_sheet.jsonl before downstream drafting, especially citations, numeric claims, and limitations.