Skill v1.0.0
ClawScan security
CN Daily Tools 中文日常工具 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 9, 2026, 4:04 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (weather, rates, news, tracking) matches its UI templates and requires no credentials, but the runtime instructions are vague about data sources and how 'real-time' data is obtained, which gives the agent broad discretion to fetch/scrape external sites — a potential privacy/ToS/accuracy concern.
- Guidance: This skill could work by scraping public websites, but the SKILL.md doesn't say which sources or how results are fetched. Before installing, ask the publisher: (1) which data sources/APIs are used for weather, exchange rates, news, and tracking; (2) whether any third-party services receive user queries or metadata; (3) how personal data (e.g., package numbers) is handled, logged, or retained; and (4) whether use may violate carrier/news site ToS. Test with non-sensitive queries and verify accuracy and provenance of results. If provenance isn't provided, treat real-time claims cautiously.
Review Dimensions
- Purpose & Capability (note): Name and description align with the included tools (weather, exchange, news, tracking). Asking for no env vars or binaries is consistent with an instruction-only skill that scrapes public sources, but the SKILL.md does not document what data sources or services will be used to produce the claimed real-time results.
- Instruction Scope (concern): SKILL.md contains high-level directives like '抓取最新中文新闻' (fetch the latest Chinese news) and promises real-time exchange rates and logistics status but gives no constraints or trusted endpoints. That vagueness grants the agent broad network/scraping discretion (which sites, whether forms/JavaScript are executed, whether third-party APIs are used), and could lead to unexpected data exfiltration, hitting private endpoints, violating site ToS, or returning inaccurate data.
- Install Mechanism (ok): No install spec and no code files — lowest-risk delivery mechanism. Nothing is written to disk by the skill itself.
- Credentials (ok): The skill declares no required environment variables, credentials, or config paths — that's proportionate for a read-only information tool. There is no indication it will request unrelated secrets.
- Persistence & Privilege (ok): `always` is false and the skill is user-invocable; it does not request permanent presence or elevated system privileges.
