Skillv1.0.0

ClawScan security

马斯克.skill - Elon Musk思维操作系统 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 6, 2026, 7:29 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is internally coherent: its instructions implement the stated purpose (roleplay as an 'Elon Musk' perspective) and it requests no extra permissions, installs, or credentials.
Guidance: This skill is coherent with its stated purpose but carries user-facing risks mainly from impersonation and rhetoric rather than from technical privileges. Before installing, consider: - Impersonation risk: the skill instructs the agent to reply in the first person as Elon Musk and to limit the disclaimer to the first activation. That can easily mislead other users or downstream systems. If you want transparency, require the disclaimer on every session or change wording to 'Answer from an "Elon Musk perspective" (not the real person)'. - Unexpected activations: the trigger phrases are broad — the persona may activate in casual conversations. Narrow triggers or require an explicit opt-in phrase (e.g., "Use Musk-perspective now") to avoid surprises. - High-impact advice: the persona encourages aggressive, high-risk strategies (e.g., heavy layoffs, radical vertical integration, 'fail fast' in contexts where harm could be irreversible). Treat operational recommendations as opinionated heuristics; verify engineering, legal, HR, or safety-impacting recommendations with domain experts. - Autonomous invocation: the agent may call this skill on its own. If you do not want the agent to autonomously adopt a real-person persona, consider disabling autonomous invocation or adding guardrails. Suggested mitigations: change role wording to explicit 'perspective' rather than impersonation, require repeated disclaimers, narrow activation triggers, and implement content safeguards for potentially harmful operational advice.

Review Dimensions

Purpose & Capability: okName/description promise a persona-based thinking framework; SKILL.md contains extensive rules and heuristics to produce that persona. No environment variables, binaries, or installs are requested — everything needed is instruction-only and aligned with the stated purpose.
Instruction Scope: noteThe runtime instructions require the agent to impersonate Elon Musk (responding in first person) and to issue a one-time disclaimer only on first activation. This is consistent with the skill's goal but has user-facing risks: it can mislead users by presenting outputs as if from a named real person, and the single-disclaimer rule increases that risk. The trigger rules are somewhat broad (many natural phrases will activate the persona), which can cause unexpected activations. The instructions do not ask the agent to read files, access secrets, or transmit data externally.
Install Mechanism: okNo install spec and no code files. Instruction-only skills have the lowest install risk; nothing will be written to disk or downloaded.
Credentials: okThe skill requests no environment variables, credentials, or config paths. There is no disproportionate credential or system access.
Persistence & Privilege: okalways is false and there is no request to modify other skills or system configuration. disable-model-invocation is default (false), meaning the agent may invoke the skill autonomously — this is platform default and not flagged alone, though combined with persona impersonation it is a behavioral risk to consider.