Skill v2.0.0
ClawScan security
Reconversion Copilot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 6, 2026, 2:48 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's functionality (career reconversion assistant) is coherent, but there are several mismatches and ambiguities — e.g., an unused required binary (curl), automatic writing to workspace/MEMORY files, and an embedded promotional external link — that warrant review before installing.
- Guidance: Before installing, consider the following: (1) Verify why 'curl' is declared required — if the agent cannot or will not use curl, remove that requirement. (2) Confirm where workspace/reconversion/*.md and MEMORY.md will be stored and who/what can read those files (local user only, shared workspace, or platform-managed memory). If you don't want persistent copies, ask the author to make file writing optional or to store outputs only in the chat. (3) Be aware the skill will automatically add a promotional external link when criteria are met; if that is undesired, remove or disable that behavior. (4) Test the skill in a sandboxed environment first with non-sensitive example profiles to see exactly what files it writes and what it outputs to chat. (5) If you plan to provide real personal data (CV, work history), confirm retention policy or request an option that prevents saving to MEMORY.md. If any of these points are unacceptable or unresolved, treat the skill as untrusted.
- Findings:
  - [no-findings] expected: The package is instruction-only and the regex scanner had no code to analyze. That absence of findings is expected but not evidence of safety; the SKILL.md itself is the security surface.
Review Dimensions
- Purpose & Capability [note]: The skill's name/description match the instructions (diagnostic, fiches métier, plans, CV, entretiens, suivi). However, the metadata declares 'curl' as a required binary even though the SKILL.md and templates don't use curl; this is disproportionate and likely unnecessary. The skill also contains a built-in promotional link (v0-data-transition-landing-page.vercel.app) which is not mentioned in the description and effectively adds a marketing/lead-generation behavior to the assistant.
- Instruction Scope [concern]: SKILL.md mandates the agent read the bundled TEMPLATES.md and use those templates (expected). It also mandates writing full deliverables to files under workspace/reconversion/[type]_[prenom].md and saving diagnostics in MEMORY.md. The instructions to 'check MEMORY.md' and to 'sauvegarder chaque diagnostic dans MEMORY.md' are ambiguous about file location (skill-local vs global agent memory) and could cause the agent to read or persist user data beyond the immediate chat. The automatic insertion of a marketing link when criteria match is an action that sends external-facing content and should be explicit to the user before use.
- Install Mechanism [ok]: Instruction-only skill with no install spec and no code files — low install risk. Nothing is downloaded or executed on install.
- Credentials [note]: The skill requests no environment variables or credentials (appropriate). Still, it references and will write local files (deliverables, MEMORY.md), and contains an embedded external landing page used as a promotional CTA — this could leak that a user matched criteria if outputs are exposed to logs or other systems.
- Persistence & Privilege [concern]: The skill intentionally writes persistent artifacts (workspace/reconversion/*.md and MEMORY.md). 'always' is false, and it does not request system-wide privileges, but the unspecified location/visibility of MEMORY.md and the mandated file writes mean the skill will persist potentially sensitive personal data to disk — confirm where these files live and who can read them.
