Skill v1.0.0
ClawScan security
📝 文档处理大师 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 29, 2026, 10:58 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill promises document upload and automated extraction but provides no code or concrete runtime instructions for how documents are processed or where data goes, creating an unexplained gap between claim and implementation.
- Guidance: This skill is missing the critical implementation details that explain how it actually processes documents. Before installing or using it, ask the publisher for: (1) the install source (URL or package registry entry) and a checksum/signature, (2) the runtime code or a link to a public repository you can review, (3) a privacy statement that explains whether processing is local or sent to a remote service and where data is stored, and (4) exact instructions for how uploads are handled. Do not upload sensitive or personal documents to the skill until you verify the implementation and hosting. If you must test it, do so with non-sensitive sample documents in an isolated environment and monitor what network connections or files the installer creates. If the author cannot provide a verifiable install artifact or source code, treat the skill as untrusted.
Review Dimensions
- Purpose & Capability (concern): Name/description promise: upload any document and extract summaries without an API key. What is actually present: an instruction-only SKILL.md and _meta.json with no code, no install spec, no declared binaries, and no runtime steps showing how uploads or processing are performed. The SKILL.md even suggests running `clawhub install doc-process` but the registry provides no install spec or package source — this mismatch is disproportionate and unexplained.
- Instruction Scope (concern): SKILL.md contains only brief metadata, two calibration modes, an install command, and contact email; it provides no instructions on how to accept or process uploaded files, whether processing is local or remote, what external endpoints (if any) are used, or what data is logged/transmitted. The instructions are vague and give the agent broad discretion without boundaries.
- Install Mechanism (note): There is no install specification or code included (instruction-only), which minimizes immediate on-disk risk. However, the SKILL.md advertises a `clawhub install doc-process` command while the registry shows no corresponding install spec or package source — this inconsistency is noteworthy because that command (if executed) could pull arbitrary code from an unspecified location.
- Credentials (ok): The skill declares no required environment variables, no credentials, and no config paths. There are no overt requests for secrets or unrelated credentials.
- Persistence & Privilege (ok): Skill flags are default (not always: true). Autonomous invocation is allowed (the platform default) but the skill does not request persistent system privileges or to modify other skills. Note: _meta.json contains calibration settings (trustedMode, warmMode) but with no code these are only metadata and don't by themselves grant extra privilege.
