Skill v0.2.1

ClawScan security

Template SDS Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 9, 2026, 4:37 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, runtime instructions, and requested resources are consistent with a local, template-preserving SDS generator; nothing requests unrelated credentials or contacts hidden remote endpoints. It does self-bootstrap a Python virtualenv and install pinned Python packages at first run, which is expected for this type of tool.
Guidance
This skill appears coherent for its stated purpose. Before running or installing:
(1) Inspect or replace config/fixed_company.yml so you don't accidentally ship the example contact info.
(2) Review requirements.lock, and optionally run the install in an isolated/sandbox environment, because the skill auto-creates a .venv and pip-installs packages from PyPI.
(3) Ensure Python 3.11+ is available (SKILL.md requires it), or expect runtime_doctor to report incompatibilities.
(4) If you expect scanned PDFs or need PDF export, confirm tesseract and soffice/libreoffice are available on the host.
(5) If you have sensitive data, run the tool in a controlled environment: it reads the input files you give it and writes outputs under the skill directory.
If you want higher assurance, review requirements.lock and run the code in an ephemeral VM or container before using it on production data.
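The following pre-install audit is an added example, not ClawHub's scanner code and not part of the skill itself. It mechanises guidance items (2) through (4) and the summary's "no hidden remote endpoints" claim: it flags lock entries that are not exactly pinned or carry no --hash, checks the interpreter against the 3.11 floor, checks the optional OCR/PDF tools on PATH, and lists any http(s) hosts the skill's text files mention other than PyPI. The file suffixes scanned, the allowed index hosts, the .venv skip, the injectable which() lookup, and the sample lock content are assumptions made for illustration; the lock text is constructed, not the skill's real requirements.lock.

```python
"""Pre-install audit for a self-bootstrapping Python skill (added example, not the skill's code).

Assumptions: the lock file follows pip requirements syntax, the only index needed is PyPI,
and the optional tools are those the scanner names (tesseract, soffice/libreoffice).
"""
import re
import shutil
import sys
from pathlib import Path

# Exact-version requirement, e.g. "pdfminer.six==20231228" or "pkg[extra]==1.0 ; marker".
PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*==\s*([^\s;\\]+)")
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)
ALLOWED_HOSTS = {"pypi.org", "files.pythonhosted.org"}  # assumption: no private index


def audit_lock(lock_text):
    """Return (unpinned, unhashed).

    unpinned: requirement lines with no '==' (pip would resolve them at install time);
    unhashed: exactly pinned names with no --hash, so pip cannot verify the wheel.
    Lines ending in a backslash are continuations of the same requirement.
    """
    logical = lock_text.replace("\\\n", " ").splitlines()
    unpinned, unhashed = [], []
    for line in logical:
        stripped = line.strip()
        if not stripped or stripped.startswith("#") or stripped.startswith("-"):
            continue  # blank, comment, or pip option such as --index-url
        m = PIN_RE.match(stripped)
        if not m:
            unpinned.append(stripped)
        elif "--hash=" not in stripped:
            unhashed.append(m.group(1))
    return unpinned, unhashed


def python_ok(version_info=sys.version_info, minimum=(3, 11)):
    """True when the interpreter meets the minimum SKILL.md requires."""
    return tuple(version_info[:2]) >= minimum


def missing_tools(groups=(("tesseract",), ("soffice", "libreoffice")), which=shutil.which):
    """Optional-tool groups with no member on PATH; soffice and libreoffice are alternates."""
    return [group for group in groups if not any(which(name) for name in group)]


def foreign_hosts(texts, allowed=ALLOWED_HOSTS):
    """Hostnames in http(s) URLs across the given file contents, minus the package index."""
    found = set()
    for text in texts:
        found.update(host.lower() for host in URL_RE.findall(text))
    return sorted(found - allowed)


def scan_skill_dir(skill_dir):
    """Collect the skill folder's text files (skipping any .venv) and report non-PyPI hosts."""
    suffixes = {".py", ".md", ".yml", ".yaml", ".txt", ".lock", ".sh"}
    texts = [
        p.read_text(errors="replace")
        for p in Path(skill_dir).rglob("*")
        if p.is_file() and ".venv" not in p.parts and p.suffix in suffixes
    ]
    return foreign_hosts(texts)


# Constructed sample standing in for the skill's requirements.lock (not its real content).
SAMPLE_LOCK = """\
--index-url https://pypi.org/simple
pdfminer.six==20231228 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
python-docx==1.1.2
pyyaml>=6.0
"""

if __name__ == "__main__":
    unpinned, unhashed = audit_lock(SAMPLE_LOCK)
    print("unpinned:", unpinned)                 # ['pyyaml>=6.0']
    print("pinned but unhashed:", unhashed)      # ['python-docx']
    print("python 3.11+:", python_ok())
    print("missing optional tools:", missing_tools())
    print("non-PyPI hosts in lock:", foreign_hosts([SAMPLE_LOCK]))  # []
```

Run it against the real skill folder with scan_skill_dir("path/to/skill") and audit_lock(Path("path/to/skill/requirements.lock").read_text()) before the first run triggers the bootstrap. A non-empty unpinned list means the install is not reproducible; a non-empty unhashed list means pip will trust whatever PyPI serves for that version; any host in the foreign list deserves a look at the file that names it.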

Review Dimensions

Purpose & Capability
ok
The name/description (template-preserving SDS generator) matches the files and functionality: parsers for PDF/DOCX, extraction/reconciliation, template filling, and renderers. Required binaries (python3/python/py) align with the Python-based implementation. Config files and preconditions (replace fixed_company.yml, optional OCR/PDF engines) are appropriate for the purpose.
Instruction Scope
ok
SKILL.md and the entrypoint scripts limit activity to local processing: creating a .venv, installing dependencies, parsing supplied input files, and producing outputs under outputs/runs/... The instructions explicitly require the user-supplied template and prompt files and warn not to fabricate critical fields. There are no instructions to read unrelated system files or to send data to external APIs.
Install Mechanism
note
There is no platform package install spec, but the skill is self-bootstrapping: on first run it creates a .venv under the skill folder and runs `pip install -r requirements.lock`. This fetches packages from PyPI (network access) and writes files to the skill directory. This is expected for a Python tool, but it is a runtime install operation the user should be aware of.
Credentials
ok
The skill requests no environment variables or external credentials. It optionally checks for system binaries (tesseract, soffice/libreoffice) but does not require access to unrelated secrets or config paths. The only writable locations are the skill folder (.venv, assets, outputs).
Persistence & Privilege
ok
always: false and no special platform privileges. The skill writes its own .venv and output artifacts within its folder and does not attempt to modify other skills or global agent configuration. Autonomous invocation is allowed by default (disable-model-invocation: false), which is normal for skills.