Back to skill
Skillv1.0.0
ClawScan security
Document Learning · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 12, 2026, 1:39 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's files, instructions, and requested operations are consistent with a document-reading/progress-tracking tool and do not request unrelated credentials or network installs.
- Guidance
- This skill appears to do what it says: reading documents, chunked extraction, and saving progress and summaries to local memory files. Before using: (1) only supply document paths you trust (the scripts will read any path you give them); (2) expect the skill to create/update .multi_doc_learning_progress.json in the current working directory and .document_learning_progress.json alongside documents and to write memory/YYYY-MM-DD.md or MEMORY.md as described; (3) there are no network calls or credential requests, but pdfplumber is needed to read PDFs (install it in a safe environment if required); (4) if you are concerned, review the two included Python scripts or run them in a sandboxed workspace to confirm behavior.
Review Dimensions
- Purpose & Capability
- okName/description match the included scripts and docs: both Python scripts implement reading large PDFs/text, chunking, extracting key points, and tracking progress across multiple documents. There are no unexpected credential or network requirements.
- Instruction Scope
- noteSKILL.md and references instruct the agent to read documents (paths provided by the user), save progress, and integrate notes into MEMORY.md / memory/YYYY-MM-DD.md. This is expected, but the skill will read any file path you give it and will create/update local progress and memory files in the workspace.
- Install Mechanism
- okNo install spec is present (instruction-only with bundled scripts). The scripts optionally use pdfplumber (standard Python package) if available; nothing is downloaded or executed from remote URLs.
- Credentials
- okThe skill declares no environment variables, credentials, or external config paths. The file I/O it performs (reading documents, writing .multi_doc_learning_progress.json and per-document .document_learning_progress.json, and writing memory files) is proportional to its stated purpose.
- Persistence & Privilege
- noteThe skill is not always-enabled and does not request elevated platform privileges, but it will create/update local progress files ('.multi_doc_learning_progress.json' in cwd and '.document_learning_progress.json' in document directories) and may add entries to MEMORY.md / memory/ files per its documentation. That is normal for this functionality but worth knowing.