Skill v1.0.0

ClawScan security

Dissertation Workflow Core · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 2, 2026, 4:28 PM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill claims to manage a full dissertation workflow but its runtime instructions reference local scripts, files, and external services (Google Drive, Zotero) while providing no code, no install, and no credentials — the pieces don't line up.
Guidance
This skill's instructions expect local scripts, project folders, and external services (Zotero, Google Drive) but none of those are provided or declared. Before installing or enabling it: (1) ask the publisher for the missing scripts and templates or confirm they already exist in your environment; (2) confirm exactly how Zotero/Drive access will be authorized (which tokens or platform connectors will be used) and avoid supplying broad credentials unless you trust the author; (3) restrict autonomous invocation or require explicit confirmations for actions that read or upload sensitive interview or chapter files; (4) if you do not control the referenced /home/ubuntu paths, do not grant the agent access. Without those clarifications, the skill is internally inconsistent and could cause the agent to try to access unexpected local or external resources.

Review Dimensions

Purpose & Capability
concern: The skill's purpose (full-cycle dissertation support) is plausible, but the SKILL.md repeatedly instructs the agent to run local scripts and to load local knowledge-bases under /home/ubuntu/skills/dissertation-workflow-system-core/ and to interact with Zotero and Google Drive. The package contains only SKILL.md and declares no code, no install, and no required credentials — a mismatch between stated capabilities and what would actually be needed to perform them.
Instruction Scope
concern: Instructions tell the agent to run specific Python scripts (e.g., scripts/status_tracker.py, scripts/zotero_connector.py), to read many local files and folders (references/rq_framework.md, references/mentor_patterns.md, 01_Completed_Chapters/, 03_Interview_Data/), to present templated interactive UIs (templates/interactive_ui.md), and to query external services (Google Drive, Google Scholar) via a 'search' tool — none of these files/tools exist in the provided bundle and no access/credentials are declared. The instructions also mandate ALWAYS reading this skill before any dissertation task, which centralizes control but does not resolve the missing dependencies.
Install Mechanism
concern: There is no install spec (instruction-only), which normally reduces risk. However, the runtime steps assume local helper scripts and connectors will be present and executable. Because those scripts are not included and there is no install step to provision them, the instructions are effectively pointing at non-existent on-disk code — an incoherence that could lead the agent to attempt to access arbitrary local paths or external resources to satisfy the steps.
Credentials
concern: The SKILL.md expects access to private data (interview transcripts, completed chapters) and to external services (Zotero, Google Drive, Google Scholar) but the skill declares no required environment variables, API keys, or auth mechanisms. That omission is disproportionate: integrating Zotero/Drive normally requires credentials or platform-provided connectors. The skill could therefore prompt the agent to seek credentials or attempt access to local files without explicit consent or declared requirements.
Persistence & Privilege
note: The skill does not request always:true and defaults to normal autonomous invocation. Autonomous invocation is standard; however, combined with the instruction set's broad scope (accessing local project folders and external libraries), it increases potential impact if the agent is allowed to act without per-action confirmations. The skill does not request modifying other skills or system-wide settings.