Skillv1.0.0

ClawScan security

Meeting Notes Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 2, 2026, 4:22 PM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: The files, runtime instructions, and requested environment are coherent with a local meeting-notes generator; nothing in the package asks for unrelated credentials or installs remote code.
Guidance: This package appears to be a local, self-contained meeting-notes formatter implemented in Python and matches its description. Before installing or running: (1) review the full Python file for any network calls or subprocess usage (the visible code appears local-only); (2) be aware SKILL.md mentions integrations (Notion, Email, Calendar) but no connectors or credential requirements are included—if you or someone extends the skill to add integrations, expect to supply API keys/tokens then; (3) run the script on non-sensitive sample data first; (4) if you need integrations, prefer implementing them explicitly and securely (use least-privilege API keys and explicit host URLs).

Purpose & Capability: okThe skill name/description (meeting notes, summaries, action items) matches the provided code and SKILL.md examples. Required binary is only python3, which is appropriate for the included Python script. There are no unexpected credential or cloud requirements listed.
Instruction Scope: noteSKILL.md describes export/integration features (Notion, Email, Calendar) but provides no implementation or instructions that access external services or request credentials. The included Python script formats templates and sample data locally and does not perform network I/O in the visible code. The discrepancy (mentions integrations but no code or env vars) is a documentation gap rather than an obvious risk.
Install Mechanism: okNo install spec; this is instruction-only plus an included Python script. Nothing is downloaded from external URLs or installed automatically, so there is low install-time risk.
Credentials: okThe skill requests no environment variables, no credentials, and no config paths. That is proportional to the script, which uses only local sample data and formatting functions.
Persistence & Privilege: okThe skill is not marked always:true and does not request persistent system-wide privileges. It only requires python3 to run its local logic.