Low Risk — Risk Score 20/100
Last scan: 20 hr ago
conference-abstract-adaptor
Adapt abstracts to meet specific conference word limits and formats
Conference Abstract Adaptor skill performs only declared text-processing functionality with no sensitive resource access, but SKILL.md fails to declare required filesystem permissions in the allowed-tools section.
Skill Name: conference-abstract-adaptor
Duration: 24.7s
Engine: pi
Safe to install
Add allowed-tools declaration to SKILL.md specifying Read (filesystem:READ) and Write (filesystem:WRITE) to match the script's actual resource usage. Complete the security checklist items to document the security posture accurately.

Findings 2 items

Severity: Low
Finding: Missing allowed-tools declaration [Doc Mismatch]
SKILL.md declares risk_level 'Medium' and documents file read/write operations but omits the allowed-tools section entirely. This is a documentation gap — not a security violation in the code itself.
No allowed-tools section present in the SKILL.md metadata
→ Add an allowed-tools section mapping Read→filesystem:READ and Write→filesystem:WRITE to accurately reflect the skill's resource requirements.
Location: SKILL.md:1

Severity: Low
Finding: Incomplete security checklist [Doc Mismatch]
All 9 security checklist items in SKILL.md are unchecked, leaving the security posture undocumented. While the code does not exhibit the listed risks, the unchecked state could mislead reviewers.
- [ ] No hardcoded credentials or API keys
→ Mark all applicable checklist items as completed to accurately document the security posture, since the code contains no hardcoded credentials, no path traversal, no prompt injection vectors, and uses only stdlib.
Location: SKILL.md:45

Resource | Declared | Inferred | Status | Evidence
Filesystem | NONE | WRITE | ✗ Violation | scripts/main.py:130 — open(args.abstract) read; scripts/main.py:139 — open(args.…
Network | NONE | NONE | | No network imports or requests found in scripts/main.py
Shell | NONE | NONE | | No subprocess, os.system, or shell execution in scripts/main.py
Environment | NONE | NONE | | No os.environ access in scripts/main.py
Skill Invoke | NONE | NONE | | No skill invocation patterns found
Clipboard | NONE | NONE | | No clipboard access found
Browser | NONE | NONE | | No browser access found
Database | NONE | NONE | | No database access found

File Tree

2 files · 8.4 KB · 256 lines
Python 1f · 146L Markdown 1f · 110L
├─ 📁 scripts
│ └─ 🐍 main.py Python 146L · 5.2 KB
└─ 📝 SKILL.md Markdown 110L · 3.2 KB

Security Positives

✓ No subprocess, os.system, or any shell execution — pure Python with stdlib only
✓ No network requests or external API calls of any kind
✓ No credential harvesting, environment variable iteration, or sensitive file access
✓ No obfuscation (base64, eval, atob) or anti-analysis patterns
✓ No path traversal vulnerabilities — input files read directly via argparse
✓ No hidden functionality — all code paths visible and match stated purpose
✓ No supply chain risk — zero third-party dependencies
✓ Functionality is straightforward text processing (word counting, compression, formatting)