Plugin v0.1.1
ClawScan security
Image-2 Diagram Skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 28, 2026, 3:29 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's name claims an 'image-to-diagram' capability but the provided SKILL.md and files contain only general agent/workspace guidance and no image-processing instructions, binaries, or dependencies — an incoherent footprint that needs clarification.
- Guidance
- This package does not contain any image-processing code, APIs, or dependencies despite its name. If you expected an image→diagram tool, don't install or enable it yet — ask the author for the actual implementation, required binaries, and what inputs/endpoints it uses. If you still want to use this as a workspace template, be aware it instructs an agent to read local memory files automatically (including daily and long-term memory) and to perform background tasks like committing/pushing changes; confirm whether you want an agent with that behavior and what access it will have to your files. Finally, watch for any future versions that add messaging integrations or install steps — those will need credential review. My assessment is medium confidence because the package could simply be misnamed or incomplete; seeing an implementation or an updated SKILL.md describing actual image-processing steps would change this to benign.
Review Dimensions
- Purpose & Capability
- concern: The skill is named 'Image-2 Diagram Skills' and implies image-processing/diagram generation, but there are no code files, no install steps, no required binaries, and no instructions about how to accept images, call an image/vision API, or produce diagrams. Instead the files are general agent workspace docs (AGENTS.md, BOOTSTRAP.md, SOUL.md, etc.). This mismatch suggests the package either is misnamed, incomplete, or is being used as a generic agent template rather than providing the stated capability.
- Instruction Scope
- concern: The runtime instructions are purely workspace/agent behavior guidance. They explicitly tell an agent to read local files (USER.md, SOUL.md, memory/YYYY-MM-DD.md, MEMORY.md in main sessions) and to perform background tasks (organize files, commit/push changes, connect optional messaging channels). Phrases like 'Don't ask permission. Just do it.' combined with guidance to read memory files mean the skill encourages automatic access to user workspace data. For an image-to-diagram feature this is unrelated and potentially privacy-sensitive if the agent is invoked autonomously.
- Install Mechanism
- ok: Instruction-only skill with no install spec and no code files — low installation risk. Nothing is downloaded or written by an installer as part of the skill package.
- Credentials
- note: The skill declares no required environment variables or credentials, which is proportionate for a documentation/template skill. However, the docs suggest optional integrations (WhatsApp/Telegram) and actions like committing/pushing changes; if those are later added they'd require credentials and should be evaluated. Currently there is no direct credential request.
- Persistence & Privilege
- note: `always` is false (normal). The skill permits normal autonomous invocation. Combined with the instruction content that encourages automatic reading of memory and workspace files, this increases privacy risk if the agent calls the skill autonomously — but autonomous invocation alone is platform default and not by itself flagged as malicious.
