Skill v1.0.0

ClawScan security

WPS PowerPoint · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 18, 2026, 4:14 PM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill's stated purpose (create/read/edit .pptx) matches the SKILL.md, but the instructions reference missing helper docs and an unspecified tool (jupyter_cell_exec) and rely on platform paths (<OUTPUT_ROOT>), which is incoherent and warrants caution.
Guidance
This skill appears to do what it claims (editing/creating .pptx) but its instructions reference missing helper files and an unspecified tool (jupyter_cell_exec) and use platform paths like <OUTPUT_ROOT>. Before installing or enabling it, ask the publisher or maintainer to:
1) provide the referenced files (skills/pptx/read_ppt.md, gen_ppt.md, pptxedit.md) so you can inspect their exact commands and file accesses;
2) explain what jupyter_cell_exec is, whether it runs arbitrary code or has filesystem/network access, and whether it is already trusted in your environment;
3) confirm where <OUTPUT_ROOT> maps to and how uploaded/created .pptx files are stored/transmitted (are files ever uploaded to external servers?); and
4) if possible, test the skill in a sandboxed environment with non-sensitive PPTX files.
If the publisher cannot supply the missing docs or the tool details, consider the skill untrusted—the missing material is an unresolved incoherence that could hide undesired behavior.

Review Dimensions

Purpose & Capability
note: Name/description align with the requested capability (PPTX create/read/edit). The skill requires no credentials or installs, which is proportionate — however the SKILL.md references additional internal docs (skills/pptx/read_ppt.md, gen_ppt.md, pptxedit.md) that are not present in the package, indicating incomplete or inconsistent packaging.
Instruction Scope
concern: Runtime instructions tell the agent to use a tool named jupyter_cell_exec to read internal guide files and reference platform paths (<OUTPUT_ROOT>). Those helper files are not present, and jupyter_cell_exec is not declared or described — the instructions therefore depend on unspecified tools/files and grant the agent discretionary actions (reading/writing files) without clear boundaries.
Install Mechanism
ok: No install spec and no code files (instruction-only) — lowest install risk. Nothing will be downloaded or written by an install step.
Credentials
note: The skill requests no environment variables or credentials, which is appropriate for the stated PPTX tasks. However, instructions reference platform-specific paths and tools (e.g., <OUTPUT_ROOT>, jupyter_cell_exec) that could implicitly access files — the lack of explicit declarations means the agent's file and tool access is unclear.
Persistence & Privilege
ok: always is false and there are no install hooks; autonomous invocation is allowed by platform default (disable-model-invocation=false). The skill does not request persistent privileges or modify other skills, so persistence/privilege level is ordinary.