Plugin v0.1.0

ClawScan security

quenitybase44 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 22, 2026, 9:49 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill bundle contains only a one-line SKILL.md (no runtime instructions) plus marketing copy and images, which is internally inconsistent and could allow unintended behavior; it should be clarified before use.
Guidance
This package is internally inconsistent: it contains many social-media text and image assets but no runtime instructions or meaningful description. Before installing or enabling it, ask the publisher to (1) provide a clear SKILL.md describing exactly what the skill does and what files it will read, (2) remove or explain any hidden/unexpected characters (the scanner flagged unicode-control-chars), and (3) confirm whether the included assets are safe and intended (images include embedded metadata from generative tooling). If you must test it, do so in a restricted sandbox with no access to secrets or private systems. If the author cannot justify the mismatch between assets and the empty SKILL.md, treat the skill as untrusted.
Findings
[unicode-control-chars] unexpected: A pre-scan detected unicode-control-chars in the SKILL.md/content. The visible SKILL.md is just a single word, so hidden control characters are unexpected. They may come from embedded image XMP/metadata copied into files or be an attempt at prompt-injection/obfuscation. Recommend manual inspection and removal of any zero-width/control characters and validation that SKILL.md contains only intended instructions.
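The manual inspection the finding asks for can be made mechanical. The following is an added example, not ClawHub's pre-scan and not anything shipped with the package: a small scanner that reports every Unicode control, format, private-use, unassigned or surrogate code point in a text file with its line and column, strips them, and decodes the Unicode "tag" characters (U+E0020..U+E007E) that are commonly used to hide text a model will still read. The SKILL.md content in it is constructed for the demonstration; the real file's single visible word is not reproduced here.

```python
"""Scan a SKILL.md for hidden Unicode (control, format, tag and bidi
characters) that an editor renders as nothing or as misleading text."""
from __future__ import annotations

import sys
import unicodedata
from dataclasses import dataclass

# Ordinary text-file controls that must not be flagged.
ALLOWED_CONTROLS = {"\t", "\n", "\r"}

# Unicode tag characters U+E0020..U+E007E mirror printable ASCII and are a
# known carrier for text that is invisible to a reader but decoded by
# tokenizers.
TAG_LO, TAG_HI = 0xE0020, 0xE007E


@dataclass(frozen=True)
class Hit:
    offset: int      # index into the decoded text
    line: int        # 1-based
    col: int         # 1-based, counted in code points
    codepoint: str   # e.g. "U+200B"
    category: str    # Unicode general category, e.g. "Cf"
    name: str        # Unicode character name


def is_hidden(ch: str) -> bool:
    """True for code points a plain-text instruction file should never contain."""
    cat = unicodedata.category(ch)
    if cat == "Cc":                      # C0/C1 controls
        return ch not in ALLOWED_CONTROLS
    # Cf: zero-width, bidi overrides, BOM, tag characters; Co: private use;
    # Cn: unassigned; Cs: lone surrogates (undecodable bytes under
    # surrogateescape). None of these belong in an instruction file.
    return cat in ("Cf", "Co", "Cn", "Cs")


def scan(text: str) -> list[Hit]:
    """Return every hidden code point in text with its position and name."""
    hits: list[Hit] = []
    line, col = 1, 1
    for offset, ch in enumerate(text):
        if is_hidden(ch):
            hits.append(Hit(offset, line, col, f"U+{ord(ch):04X}",
                            unicodedata.category(ch),
                            unicodedata.name(ch, "<unnamed>")))
        if ch == "\n":
            line, col = line + 1, 1
        else:
            col += 1
    return hits


def strip_hidden(text: str) -> str:
    """The cleaned file: the same text with every hidden code point removed."""
    return "".join(ch for ch in text if not is_hidden(ch))


def decode_tag_payload(text: str) -> str:
    """Recover ASCII smuggled in tag characters so a reviewer can read it."""
    return "".join(chr(ord(ch) - 0xE0000)
                   for ch in text if TAG_LO <= ord(ch) <= TAG_HI)


def tag_encode(s: str) -> str:
    """Inverse of decode_tag_payload; used here only to build the sample."""
    return "".join(chr(0xE0000 + ord(c)) for c in s)


# Constructed sample, not the real SKILL.md from the package under review:
# a frontmatter block, one visible word, then three kinds of hidden content.
SAMPLE_SKILL_MD = (
    "---\nname: example-skill\n---\n"
    "Example"
    + "\u200b"                       # ZERO WIDTH SPACE glued to the word
    + tag_encode("hidden text")      # invisible tag-character payload
    + "\u202e"                       # RIGHT-TO-LEFT OVERRIDE
    + "\n"
)


def report(text: str) -> list[str]:
    """Human-readable lines, one per hit, plus any decoded tag payload."""
    lines = [f"{h.line}:{h.col} {h.codepoint} {h.category} {h.name}"
             for h in scan(text)]
    payload = decode_tag_payload(text)
    if payload:
        lines.append(f"decoded tag payload: {payload!r}")
    return lines


if __name__ == "__main__":
    # Scan the files given on the command line, or the built-in sample.
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, encoding="utf-8", errors="surrogateescape") as f:
                for entry in report(f.read()):
                    print(f"{path}:{entry}")
    else:
        print("\n".join(report(SAMPLE_SKILL_MD)))
```

Run it over SKILL.md and any manifest or description files in the bundle; a clean instruction file produces no output. Tabs, newlines and carriage returns are deliberately allowed, and ordinary non-ASCII letters are not flagged, so a legitimate non-English SKILL.md does not trip it. Undecodable bytes surface as surrogate hits rather than being silently dropped.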

Review Dimensions

Purpose & Capability
concern
The skill name and description provide no clear purpose and the SKILL.md contains only a single word. The package does include a set of social-media text and image assets, but nothing in the manifest or SKILL.md explains how an agent should use them. That mismatch (assets present but no instructions, and a meaningless description) is incoherent and requires clarification from the author.
Instruction Scope
concern
There are no runtime instructions constraining the agent. Because SKILL.md is empty of operational guidance, an agent granted this skill could (depending on platform defaults) read and use the included files arbitrarily. The pre-scan flagged unicode-control-chars associated with the SKILL.md/content, which could indicate hidden characters in metadata; this deserves manual review.
Install Mechanism
ok
No install spec and no code files: the skill is instruction-only and does not write binaries or download external artifacts during install. This is the lowest-risk install profile.
Credentials
ok
The skill declares no required environment variables, no credentials, and no config paths. There is no apparent request for secrets or unrelated privileges.
Persistence & Privilege
ok
The always flag is false and the skill does not request elevated persistence or modify other skills. Model invocation is allowed (platform default), but that alone is not a red flag here.