Back to skill
Skillv1.0.7
ClawScan security
info-research-report · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 4, 2026, 1:22 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and requested environment are coherent with its stated purpose (automated research-report generation and emailing); the main risk is privacy exposure from sending fetched webpage content to third‑party LLMs (which the skill itself warns about).
- Guidance
- This skill appears to do what it claims, but note the privacy tradeoffs: by default it may fetch full web pages and send their text (and generated summaries) to third‑party LLMs (MiniMax/OpenAI). Before using: (1) avoid feeding sensitive or confidential URLs or text into results.json; (2) use dedicated API keys with minimal scope and review provider privacy/retention policies; (3) verify and trust the external tools (mcporter and your email skill) before installing/running them; (4) if you prefer to avoid external LLMs, run with --no-fetch or provide pre‑redacted results.json to keep content local; (5) inspect and confirm the email-mail-master script and its configured SMTP credentials so the report is sent only to intended recipients.
Review Dimensions
- Purpose & Capability
- okName/description (automatic multi-source search → summary → DOCX → email) matches the implementation: run.py generates DOCX, fetches page content via mcporter, calls LLM APIs for summaries, and invokes an email script. Declared external tools (mcporter, email-mail-master) and Python deps (python-docx, requests) are appropriate for the stated tasks.
- Instruction Scope
- noteSKILL.md and run.py instruct the agent to read a local results.json, optionally fetch full page text via mcporter, call third‑party LLMs (MiniMax/OpenAI) with page content, and run an external email script. These steps are within the reported scope, but they do result in webpage content and generated summaries being transmitted to external LLM endpoints — a privacy/PII risk explicitly noted in the skill.
- Install Mechanism
- okNo install spec is provided (instruction-only with bundled code). There is no network installer or archive download in the skill itself. This is low-risk from an installation perspective; the skill does rely on external binaries/tools (mcporter, email-mail-master) which must be installed separately by the user.
- Credentials
- okOnly optional LLM API keys (MINIMAX_API_KEY, OPENAI_API_KEY) and OPENCLAW_SKILLS_DIR are referenced. These are proportionate to the functionality (calling LLMs, looking up the email skill). No unrelated credentials are requested. Email sending will require separate email credentials (not included) which is expected for that feature.
- Persistence & Privilege
- okSkill is not always-on and is user-invocable. Declared permissions (read_files, execute_scripts, network_access) are consistent with its behavior. It does not appear to modify other skills or system settings.