Skill v2.3.6

ClawScan security

Return Policy · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 17, 2026, 7:00 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill appears to do exactly what it says (generate return/refund policies and provide a small local utility); it has no network exfiltration, no secret requests, and writes only local files under a configurable data directory.
Guidance
This skill appears to be a straightforward local return-policy generator. Before installing or running it: (1) know that it will create a data directory (by default ~/.local/share/return-policy) and write logs/data there; (2) it requires a POSIX shell and python3 to run (neither is listed in the metadata); (3) you can override where it stores data by setting RETURN_POLICY_DIR, so do not point that variable at system directories or at directories holding credentials; (4) the scripts do not connect to the network or ask for secrets. If you want to be extra cautious, inspect the scripts on disk and run them in a restricted environment (a container or a throwaway user) before giving them access to important files.

Review Dimensions

Purpose & Capability
note: The skill's name/description (return-policy generator) matches the included scripts and SKILL.md. Minor inconsistency: the bundled scripts invoke python3, but the registry metadata lists no required binaries. In practice python3 (and a POSIX shell) are required for the scripts to run; this is a small metadata omission rather than malicious behavior.
Instruction Scope
note: The SKILL.md and scripts instruct the agent to run local commands and generate policy text/HTML. The runtime instructions do not access network endpoints or read arbitrary system files. The scripts do create and append to files under a data directory (default: ${XDG_DATA_HOME:-$HOME/.local/share}/return-policy), so the skill will persist user-provided entries/logs on disk. This is expected for a local utility but worth noting.
Install Mechanism
ok: No install spec / no remote downloads. The skill is instruction-and-script-only; nothing is pulled from external URLs at install time, which minimizes risk.
Credentials
note: The skill does not request credentials or secrets. It does read standard environment variables (XDG_DATA_HOME, HOME) and honors an optional RETURN_POLICY_DIR to override the storage path; RETURN_POLICY_DIR is not declared in the requires.env metadata. This is reasonable, but the override is taken as given, so whoever controls the environment controls where the skill writes its files. Avoid setting it to sensitive system locations or to directories that hold credentials.
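The Guidance and the Credentials note above both come down to one check: resolve the data directory the way the scan says the scripts do (RETURN_POLICY_DIR first, then XDG_DATA_HOME, then ~/.local/share) and refuse to proceed if it points somewhere you would not want log and data files written. The POSIX shell below is an added example for this page, not code shipped with the skill or by ClawHub. The resolution order is taken from the scan; the deny rules (absolute path, no `..` components, must be under $HOME, not a well-known credential or config directory) are assumptions chosen for this example, and the demo values at the bottom are constructed.

```shell
#!/bin/sh
# Added example: pre-flight check for the return-policy skill's data directory.
# Resolution order mirrors what the scan reports; the validation rules below are
# assumptions for this example, not behaviour of the skill itself.

# Resolve the directory exactly as the scan describes:
#   RETURN_POLICY_DIR > ${XDG_DATA_HOME:-$HOME/.local/share}/return-policy
resolve_policy_dir() {
    if [ -n "${RETURN_POLICY_DIR:-}" ]; then
        printf '%s\n' "$RETURN_POLICY_DIR"
    else
        printf '%s/return-policy\n' "${XDG_DATA_HOME:-$HOME/.local/share}"
    fi
}

# Return 0 if the directory is acceptable, 1 otherwise (reason on stderr).
# Assumed rules: absolute, no '..' components, under $HOME, and not inside
# a directory that commonly holds keys, tokens or tool configuration.
check_policy_dir() {
    dir=$1
    case $dir in
        /*) ;;
        *)  echo "reject: not an absolute path: $dir" >&2; return 1 ;;
    esac
    case "/$dir/" in
        */../*) echo "reject: contains '..': $dir" >&2; return 1 ;;
    esac
    case "$dir/" in
        "$HOME"/*) ;;
        *)  echo "reject: outside \$HOME: $dir" >&2; return 1 ;;
    esac
    # Assumed deny-list of sensitive per-user locations.
    for deny in .ssh .gnupg .aws .kube .docker .config .local/share/keyrings; do
        case "$dir/" in
            "$HOME/$deny"/*) echo "reject: sensitive location ($deny): $dir" >&2; return 1 ;;
        esac
    done
    return 0
}

# Resolve and validate in one step; prints the directory only when it passes.
preflight_policy_dir() {
    d=$(resolve_policy_dir)
    check_policy_dir "$d" || return 1
    printf '%s\n' "$d"
}

# Demonstration on constructed values in a subshell: a fake HOME, no real
# environment changes and nothing created on disk.
(
    HOME=/home/demo; export HOME
    unset XDG_DATA_HOME RETURN_POLICY_DIR
    echo "default data dir: $(resolve_policy_dir)"
    for candidate in /home/demo/policies /home/demo/.ssh/policies \
                     /etc/return-policy /home/demo/../root/x relative/path; do
        if check_policy_dir "$candidate" 2>/dev/null; then
            echo "accept: $candidate"
        else
            echo "reject: $candidate"
        fi
    done
)
```

Run `preflight_policy_dir` before invoking the skill's scripts; if you want the throwaway setup the Guidance recommends, point RETURN_POLICY_DIR at a fresh directory under $HOME (for example one made with `mktemp -d "$HOME/return-policy-trial.XXXXXX"`) so the check passes and the logs are easy to delete afterwards.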
Persistence & Privilege
ok: The skill is not always-enabled and does not request elevated privileges. It only persists data under a per-user data directory and its own history.log/data.log files. There is no attempt to modify other skills or system-wide configurations.