Back to skill
Skillv1.0.0
ClawScan security
室内设计师小红书文案助手 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 14, 2026, 8:30 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill’s code and instructions match its stated purpose (generating Xiaohongshu copy for local interior designers); it has no extra credentials, no risky install, and its behavior is transparent.
- Guidance
- This skill is internally coherent and low-risk: it only formats a prompt and relies on the platform LLM to generate copy. Before installing, note that (1) the skill source/homepage is unspecified — review authorship if that matters to you; (2) any prompts you send to the platform LLM will be transmitted to that model, so avoid including client PII or confidential project details in prompts; (3) always review generated copy for accuracy, compliance, and local advertising rules before publishing. If you want extra caution, inspect or run generate.py locally to confirm it only prints the prompt (it does) and avoid enabling any skill-wide permissions you don't understand.
Review Dimensions
- Purpose & Capability
- okName/description match the artifact. The only code (generate.py) produces a templated LLM prompt for local-location/style-themed social copy — this is consistent with the skill’s stated purpose and requires no additional permissions.
- Instruction Scope
- okSKILL.md asks the agent to collect user-provided positioning (location/style/theme) and use the platform LLM to generate titles, body, and tags. It does not instruct reading system files, environment variables, or sending data to third-party endpoints outside the platform LLM.
- Install Mechanism
- okNo install spec; only a small Python script and a SKILL.md. Requirements list python3 (reasonable). No downloads from external URLs or archive extraction are present.
- Credentials
- okThe skill requests no environment variables, no credentials, and no config paths. The template expects the platform LLM (OpenClaw) to be used, which is appropriate and proportional for this text-generation task.
- Persistence & Privilege
- okalways is false, user-invocable is true, and disable-model-invocation is false (normal). The skill does not request persistent or cross-skill configuration changes.