v3.4.2

Nlp

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:14 AM.

Analysis

This appears to be a local NLP helper that processes user-provided text or files, with minor packaging notes but no artifact-backed malicious behavior.

GuidanceThis skill looks appropriate for local text analysis. Before installing, note that it runs a bundled bash script and can read any file path you provide, so only point it at documents you are comfortable having analyzed and shown in output.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

SKILL.md

All commands accept input via three methods: ... `--file path.txt` — read from a file ... Pipe via stdin

The skill can process local files or piped content through a shell command. This is expected for NLP document processing, but users should be aware that selected file contents are read and output locally.

User impactIf used on sensitive documents, their contents or derived excerpts may appear in terminal output, logs, or downstream agent context.

RecommendationUse it only on files you intend to analyze, and avoid sending highly sensitive documents through agent workflows unless that is acceptable.

Agentic Supply Chain Vulnerabilities

SeverityInfoConfidenceMediumStatusNote

metadata

Required binaries (all must exist): none ... Install specifications: No install spec — this is an instruction-only skill.

The metadata does not declare runtime tools, while SKILL.md documents Bash 4+, grep -P, and awk requirements and the manifest includes scripts/script.sh. This is an under-declared runtime/dependency detail, not evidence of malicious behavior.

User impactThe skill may fail or behave differently on systems lacking the expected shell utilities, even though the registry metadata says there are no required binaries.

RecommendationVerify the bundled script and local shell utilities before use; maintainers should align metadata, SKILL.md requirements, and script versioning.