Skill v1.0.0

ClawScan security

ieee-reference-manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 11, 2026, 9:20 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's requests and instructions are consistent with a BibTeX/IEEE-reference management helper; nothing requested is disproportionate to the stated purpose.
Guidance
This skill appears to do what it says: check and fix IEEE-style BibTeX references and validate DOIs. Before installing or running it, consider: (1) Make a backup or run it on a copy of your .bib/.tex files so accidental edits can be undone. (2) Ensure Python and a shell are available if you expect it to run auxiliary scripts (SKILL.md references python commands); the skill does not declare these binaries. (3) DOI/metadata checks use web queries (WebSearch/WebFetch), so titles and DOIs will be sent to external resolvers; avoid running it on highly sensitive or private bibliographic data unless you are comfortable with that. (4) The skill claims it will show Before/After and ask for confirmation before writing; verify this behavior on first use. If you need stronger guarantees, run the analysis-only path (no automatic edits) or inspect suggested changes before accepting them.
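An added offline pre-flight for guidance points (1), (3) and (4), written here as an illustration and not part of the scan output or of the skill itself: it reads a constructed sample .bib with a deliberately simple regex parser (a hypothetical stand-in, not the skill's analyze_bib.py), lists which DOIs and titles an online check would send off-host so you can decide whether that is acceptable, catches malformed DOIs locally before anything is sent, and hashes the files so that post-run edits can be compared with the Before/After the skill promises. The DOI syntax pattern is the common "10.<registrant>/<suffix>" shape and is an assumption, not something the skill documents.

```python
import hashlib
import re
from pathlib import Path

# Constructed sample .bib (not from the skill): one resolvable DOI, one
# malformed DOI, and one entry with no DOI whose title would be searched.
SAMPLE_BIB = r"""
@article{smith2021,
  title = {A Study of Things},
  author = {Smith, Jane},
  journal = {IEEE Trans. Inf. Forensics Security},
  doi = {10.1109/TIFS.2021.1234567},
  year = {2021}
}

@article{doe2020,
  title={Unpublished Internal Result},
  author={Doe, John},
  doi={10.1109 broken},
  year={2020}
}

@misc{draft2023,
  title = {Draft: Confidential Project Notes},
  author = {Roe, Richard},
  year = {2023}
}
"""

# Minimal regex BibTeX reader (hypothetical; handles ordinary brace-delimited
# entries only and is not the skill's analyze_bib.py).
ENTRY_RE = re.compile(r"@(\w+)\s*\{\s*([^,\s]+)\s*,(.*?)\n\}", re.DOTALL)
FIELD_RE = re.compile(r"(\w+)\s*=\s*\{((?:[^{}]|\{[^{}]*\})*)\}")
# Offline syntax check only (assumed shape): "10." + 4-9 digit registrant + "/" + suffix.
DOI_RE = re.compile(r"^10\.\d{4,9}/\S+$")


def parse_bib(text):
    """Return a list of {type, key, fields} dicts for each @entry in text."""
    entries = []
    for etype, key, body in ENTRY_RE.findall(text):
        fields = {k.lower(): v.strip() for k, v in FIELD_RE.findall(body)}
        entries.append({"type": etype.lower(), "key": key, "fields": fields})
    return entries


def outbound_lookups(entries):
    """Inventory of what an online DOI/metadata check would send off-host.
    A well-formed DOI goes to a resolver; a malformed one should be fixed
    locally first; an entry without a DOI exposes its title to a search.
    Nothing is sent by this function."""
    report = []
    for e in entries:
        doi = e["fields"].get("doi")
        title = e["fields"].get("title", "")
        if doi and DOI_RE.match(doi):
            report.append((e["key"], "doi-resolve", doi))
        elif doi:
            report.append((e["key"], "doi-malformed-fix-locally", doi))
        elif title:
            report.append((e["key"], "title-search", title))
        else:
            report.append((e["key"], "nothing-to-check", ""))
    return report


def snapshot(paths):
    """SHA-256 per file, taken before and after running the skill."""
    return {str(p): hashlib.sha256(Path(p).read_bytes()).hexdigest() for p in paths}


def changed_files(before, after):
    """Paths that were added, removed, or whose digest changed between snapshots."""
    added_or_removed = set(before) ^ set(after)
    modified = {p for p in before if p in after and before[p] != after[p]}
    return sorted(added_or_removed | modified)


def main():
    for key, action, value in outbound_lookups(parse_bib(SAMPLE_BIB)):
        print(f"{key:12} {action:28} {value}")
    # Real use: bib = list(Path(".").rglob("*.bib")); before = snapshot(bib)
    # run the skill, then: after = snapshot(bib); print(changed_files(before, after))


if __name__ == "__main__":
    main()
```

Run this over your own .bib files before the first invocation; any entry reported as title-search is the one whose wording leaves the machine, and a non-empty changed_files list after a run that showed no confirmation prompt is the signal that the documented Before/After behavior did not hold.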

Review Dimensions

Purpose & Capability
ok: The name and description (IEEE Trans reference manager) match the actual instructions: parsing .bib/.tex, DOI checks, journal-name normalization, duplicate detection, and optional use of auxiliary scripts. The allowed tools (Read/Edit/Write/Bash/Glob/Grep/WebSearch/WebFetch/Agent) are appropriate for file scanning, local script invocation, and online DOI verification.
Instruction Scope
note: SKILL.md confines actions to bibliography-related tasks (locating .bib/.tex, parsing entries, cross-checking citations, and calling DOI resolvers). It explicitly requires showing Before/After and asking for confirmation before modifying files. Note that DOI/metadata validation uses WebSearch/WebFetch, which sends paper identifiers and titles to external services. This is expected for verification, but it is the main surface that could leak content externally if the user considers the bibliographic contents sensitive.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files to write or download. This is lowest-risk from an installation perspective.
Credentials
note: The skill declares no required environment variables or credentials (appropriate). One minor mismatch: SKILL.md references running Python scripts (analyze_bib.py, nameTranslate.py) and shell commands (python analyze_bib.py), but the registry metadata lists no required binaries; the agent/platform must provide python/bash for script execution. No secrets or unrelated credentials are requested.
Persistence & Privilege
note: always:false and no install means the skill does not request permanent presence. The skill uses the Read/Edit/Write tools and can modify files, but SKILL.md states it will show Before/After and requires user confirmation before changes. Be aware that autonomous invocation (default platform behavior) combined with write access increases the impact if misused; however, this is a normal platform pattern and the skill documents its confirmation behavior.