Skill v2.9.5
ClawScan security
Contract Reviewer Wudi · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 23, 2026, 6:51 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's files, instructions, and requirements are consistent with a local contract-review tool that reads Word/PDF inputs, runs OCR, and generates Track Changes output; nothing in the provided material demands unrelated secrets or system privileges, but you should review and run the code from this unknown GitHub source with normal caution.
- Guidance: This skill appears coherent for contract reviewing, but you are downloading and running code from an unknown GitHub fork. Before installing: (1) inspect the Python scripts for network calls, process execution (subprocess.run/Popen/call or os.system), and references to external endpoints or hidden credentials; (2) run tests in an isolated sandbox (container or VM); (3) verify the third-party dependencies (python-docx, OCR tools) and install them from trusted sources; (4) confirm GPL-3.0 license obligations if you distribute or modify the tool; (5) if you plan to process sensitive contracts, confirm that no code transmits documents externally and consider keeping processing on an air-gapped or enterprise-approved environment. If you want, provide the contents of key scripts (e.g., full_pipeline.py, apply_changes.py, pdf_ocr.py) and I can point out any networking or exfiltration code patterns that would raise stronger concerns.
Review Dimensions
- Purpose & Capability (ok): Name/description (Chinese contract reviewer producing Word Track Changes) matches the repository contents: parsing, OCR, clause libraries, apply_changes and generate_clean scripts, and contract-type JSONs. Declared dependencies (python-docx, PDF libraries, Tesseract, LibreOffice) are sensible for the stated functionality.
- Instruction Scope (ok): SKILL.md describes workflows that operate on uploaded Word/PDF files, produce tracked changes/comments, OCR scanned PDFs, and manage iterations, all within the domain of contract review. The instructions do not request unrelated files, credentials, or network exfiltration in the visible text.
- Install Mechanism (note): There is no platform install spec (the skill is instruction-only), but SKILL.md instructs users to git clone the repo from an external GitHub URL. Cloning and running third-party code is standard for this type of skill but carries the usual risk of running arbitrary code from an untrusted source; review the scripts before executing them and prefer a sandboxed environment.
- Credentials (ok): The skill declares no required environment variables or credentials, which is appropriate for a local document-processing tool. There is no evidence in SKILL.md or the manifest that unrelated secrets are requested.
- Persistence & Privilege (ok): Flags show always:false and no special OS restrictions or config paths. The repo is intended to be installed into the user's Skills directory (per SKILL.md), which is normal and scoped to the skill itself.
