ClawHub
Back to skill
v0.9.0

gembox-skill

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:13 AM.

Analysis

This instruction-only GemBox coding helper is coherent and mainly points the agent to official documentation plus local .NET validation commands, with no bundled code, credentials, or persistence.

GuidanceThis appears safe for GemBox-related coding help. Before installing, be aware that it may guide the agent to run local .NET commands, search local NuGet documentation, and compile your project; approve commands deliberately and verify official GemBox details from the vendor site if provenance matters.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
Once you are finished, validate the code by compiling the project.

The skill directs the agent to use local development tools for validation. This is expected for coding assistance, but it means the agent may run project-level build commands.

User impactThe agent may run normal .NET development commands and inspect local package documentation while helping with GemBox code.
RecommendationUse in a normal development workspace and review any proposed command before allowing it to run, especially in projects with custom build steps.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceMediumStatusNote
metadata
Source: unknown; Homepage: none

The registry metadata does not provide a source repository or homepage, limiting provenance verification. The risk is reduced because this is an instruction-only skill with no bundled code or install script.

User impactYou cannot verify from the provided metadata alone whether this skill is officially maintained by GemBox.
RecommendationDo not treat it as official solely based on the name; compare its guidance with GemBox's official website and documentation when needed.