Skillv1.1.4

ClawScan security

Vocabulary Builder · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 27, 2026, 11:30 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's behavior (reading/writing a local vocabulary file and managing quizzes) matches its description; it doesn't request credentials or install code, but it will store user-provided text in workspace files so consider privacy of saved content.
Guidance: This skill is coherent and does what it says: it adds and manages vocabulary entries in a local workspace file (memory/vocabulary.md) and reads audio files from docs/tts-fr/. Before installing, consider: (1) privacy — the skill will save sentences and context you provide into a file in the agent workspace (don’t paste sensitive excerpts if you don’t want them stored); (2) backups — if you want to keep or remove saved vocab, verify or back up the memory/vocabulary.md file; (3) scheduled quizzes — the skill references scheduled/cron quizzes and can be invoked by the agent autonomously, so if you prefer no automatic prompts make sure your agent's trigger settings prevent unwanted runs. If you want to be extra cautious, inspect the workspace file after first use and confirm the file paths match your expectations.

Review Dimensions

Purpose & Capability: okName/description (vocabulary collection, quizzes, spaced repetition) align with the actions in SKILL.md: reading and appending structured entries to memory/vocabulary.md and reading audio files from docs/tts-fr/. Nothing requested is unrelated to the stated purpose.
Instruction Scope: noteInstructions explicitly tell the agent to read and write the workspace file memory/vocabulary.md (including using 'tail' or direct file reads) and to read audio files from docs/tts-fr/. This is within scope, but the skill will persist user-provided text (context sentences, book excerpts) to a local file — a privacy consideration. The doc also references 'memory_search' (platform memory API) but does not declare or explain it; that is likely a platform capability but is not otherwise required by the skill metadata.
Install Mechanism: okNo install spec or code files are present (instruction-only). Nothing is downloaded, installed, or executed beyond recommended file reads/writes, so install risk is minimal.
Credentials: okThe skill declares no environment variables, credentials, or config paths. Its file access is limited to the workspace paths it documents. There are no unexplained credential requests.
Persistence & Privilege: notealways:false (no forced inclusion). The skill expects to store user data in a workspace file and mentions scheduled/cron-triggered quizzes; combined with autonomous invocation allowed by default, this means the agent could run these quizzes automatically if the broader agent environment triggers the skill. This is not inherently dangerous but is a privacy/notification consideration for users.