Back to skill
Skillv1.0.0
ClawScan security
Clean Text Formatter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 30, 2026, 2:48 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and instructions are consistent with its stated purpose (cleaning Markdown and whitespace); it is instruction-only, asks for no credentials, and does not request or install anything disproportionate.
- Guidance
- This skill appears coherent and low-risk: it only describes how to remove Markdown and normalize spacing/punctuation and requests no credentials. Things to consider before installing: (1) If you plan to feed sensitive documents (especially .docx/.html), check how your platform handles file uploads — the skill's instructions don't state where processing occurs, so uploaded content could be exposed to the agent runtime or any external service the runtime uses. (2) The SKILL.md claims support for .docx/.html but does not list any parsing libraries; expect the agent or platform to handle file extraction or for the skill to request the user paste plain text. (3) Stripping is permanent — if you need Markdown preserved for reuse, do not use this skill. If these points are acceptable, the skill is internally consistent with its stated purpose.
Review Dimensions
- Purpose & Capability
- okName and description (strip Markdown, normalize spacing/punctuation) match the runtime instructions and declared dependencies. The listed dependency (Python 3.8+) is reasonable for regex-based text processing.
- Instruction Scope
- noteSKILL.md stays focused on text cleaning and lists accepted inputs (.txt, .md, .docx, .html). Minor gap: it does not describe how .docx/.html parsing would be performed (no external parser packages are declared), so an implementation would need either platform-provided file handling or additional libraries.
- Install Mechanism
- okNo install spec and no code files — the skill is instruction-only, which minimizes disk/write risk.
- Credentials
- okNo environment variables, credentials, or config paths are requested; requested access is proportional to the stated task.
- Persistence & Privilege
- okalways:false and no attempts to modify other skills or system config. Autonomous invocation is allowed by platform default but not combined with elevated privileges here.