Back to plugin
Pluginvv1.0.1
ClawScan security
summitentertainmentstudio · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousApr 23, 2026, 11:42 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill has no meaningful instructions or declared purpose but packages a large Instagram/Facebook data archive (messages, profile info, media, login/security logs) — a mismatch that looks suspicious and needs clarification before use.
- Guidance
- Do not install this skill until the author explains why a full Instagram/Facebook data export is bundled. Steps to consider before proceeding: - Ask the publisher why the skill includes personal data (messages, login history, media) and for a clear, minimal purpose that justifies each file. Reject the skill if you get no satisfactory explanation. - If you or your organization accidentally packaged exported personal data into the skill, remove those files and republish a version that contains only code/instructions needed for functionality. - If you have already installed or invoked the skill, assume the exported data could have been exposed: remove the skill, audit accesses, and rotate any credentials associated with the accounts in the export. - Treat the presence of private messages, security/login activity, and media as high-sensitivity — do not share screenshots or downloads of this package publicly. - If you need this skill's functionality, request a version that does not include personal data and that documents what it accesses and why. Additional info that would raise or lower confidence: confirmation from the owner explaining the purpose of the included archive (lowers suspicion), or evidence that the package was intentionally prepared to harvest or exfiltrate user data (would raise to malicious).
- Findings
[unicode-control-chars] unexpected: Unicode control character patterns were detected in the SKILL.md content. The SKILL.md is otherwise trivial; this could be an artifact, an attempt to obfuscate, or leftover from copying data into the package. It is unusual and worth questioning the author.
Review Dimensions
- Purpose & Capability
- concernThe name/description (both just 'summitentertainmentstudio') provide no clear purpose, yet the package contains what appears to be a complete Instagram data export (personal_information, messages, ads info, media files, login activity, etc.). There is no declared reason this skill would need or ship that data; bundling a user's personal archive is disproportionate and incoherent with any ordinary skill purpose.
- Instruction Scope
- concernSKILL.md contains essentially no runtime instructions (just the skill name). That alone would be low-risk, but the presence of many sensitive files means an agent or hosted runtime that exposes skill files could access and transmit those contents even though the instructions don't mention them. The package gives the agent access surface to private messages, media, and security/login history without justification.
- Install Mechanism
- okThere is no install specification and no code files to execute — the skill is instruction-only. That reduces installation risk because nothing is downloaded or installed at runtime.
- Credentials
- concernThe skill requests no environment variables or credentials, yet includes large amounts of sensitive personal data (messages, profile, device and login history, media). Requesting no credentials does not justify packaging private user data inside the skill; the content is disproportionate to the declared metadata and creates a privacy risk.
- Persistence & Privilege
- okThe skill does not request always:true and uses default invocation settings. It does not appear to ask for system-wide privileges. However, the combination of accessible files plus autonomous invocation would raise the blast radius if the skill were later updated with active behavior.