Skill v1.0.0

ClawScan security

Content creation and publishing workflow (内容创作与发布全流程) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 1, 2026, 3:01 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill is incomplete — it contains only a short instruction telling the agent to retrieve code from a GitHub repo and gives broad permission to use Bash, which is coherent with its stated purpose but leaves the agent able to fetch and run arbitrary external code without verification.
Guidance
This skill package is incomplete: it only points to a GitHub repo and asks you to get the real files yourself. Before enabling it, inspect the referenced repository (https://github.com/anbeime/skill → skills/content-creation-publisher/) and review any scripts or binaries there. Do not allow the agent to autonomously download-and-execute remote code you haven't reviewed. If you must use it, either (1) vet and fork the repo, then install from your fork, or (2) restrict the agent's ability to run shell/network commands and only provide verified code/artifacts. If you can't review the repo or don't trust the source, avoid installing this skill.
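
The guidance above amounts to a pre-install check: does the package bundle the code it will run, or does it grant Bash and send the agent elsewhere for it? The script below is an added example of that check, not ClawScan's or the skill's own code. It audits a skill directory for the three facts the verdict turns on (shell access granted, no bundled scripts, body pointing at an external source or fetch command) and runs it over two constructed packages: one mirroring the scanned skill, and one showing the guidance's option (1), the same skill after vetting with its script shipped inside the package. The frontmatter field names `allowed-tools` and `always` are assumptions about the skill format; the scan page only says "allows Bash" and "always is false".

```python
"""Pre-install audit of an agent skill package: does it ship its own code, or
does it grant Bash and tell the agent to fetch code from somewhere else?
Added example, not ClawScan's or the skill's own code."""
import re
import tempfile
from pathlib import Path

# Constructed sample mirroring the scanned skill. The frontmatter field names
# (allowed-tools, always) are an assumption about the skill format; the scan
# page only says "allows Bash" and "always is false".
REMOTE_ONLY_SKILL = """---
name: content-creation-publisher
description: Sync the content creation and publishing workflow from the cloud repo
allowed-tools: Bash
always: false
---
Visit the cloud repo to get the full skill files and instructions:
https://github.com/anbeime/skill -> skills/content-creation-publisher/
"""

# Constructed counterpart: the same skill after the guidance's option (1),
# vetted and installed with its script bundled (hypothetical content).
BUNDLED_SKILL = """---
name: content-creation-publisher
description: Draft, review and publish articles with the bundled script
allowed-tools: Bash
always: false
---
Run scripts/publish.sh with the draft path. Do not fetch anything remotely.
"""
BUNDLED_SCRIPT = "#!/bin/sh\nprintf 'publishing %s\\n' \"$1\"\n"

URL_RE = re.compile(r"https?://[^\s)>\]]+")
FETCH_RE = re.compile(r"\b(?:curl|wget|git\s+clone|pip\s+install|npm\s+install|bash\s+-c|eval)\b")
CODE_SUFFIXES = {".py", ".sh", ".js", ".ts", ".rb", ".go"}


def parse_skill_md(text):
    """Split simple 'key: value' YAML-style frontmatter from the markdown body."""
    meta, body = {}, text
    if text.startswith("---"):
        parts = text.split("---", 2)
        if len(parts) == 3:
            for line in parts[1].splitlines():
                if ":" in line:
                    key, value = line.split(":", 1)
                    meta[key.strip()] = value.strip()
            body = parts[2]
    return meta, body


def audit_skill(skill_dir):
    """Return the facts a reviewer checks before enabling a skill, plus a verdict."""
    skill_dir = Path(skill_dir)
    meta, body = parse_skill_md((skill_dir / "SKILL.md").read_text(encoding="utf-8"))
    tools = {t.strip() for t in meta.get("allowed-tools", "").split(",") if t.strip()}
    bundled = sorted(str(p.relative_to(skill_dir)) for p in skill_dir.rglob("*")
                     if p.is_file() and p.suffix in CODE_SUFFIXES)
    report = {
        "bash_allowed": "Bash" in tools,
        "bundled_code": bundled,
        "external_refs": URL_RE.findall(body),
        "fetch_commands": FETCH_RE.findall(body),
        "persistent": meta.get("always", "false").lower() == "true",
    }
    # Download-and-run: shell access, nothing bundled, and the body points
    # somewhere else (a URL or an explicit fetch command) for the real code.
    if report["bash_allowed"] and not bundled and (report["external_refs"] or report["fetch_commands"]):
        report["verdict"] = "download-and-run"
    elif report["fetch_commands"]:
        report["verdict"] = "fetches-at-runtime"
    else:
        report["verdict"] = "self-contained"
    return report


def write_skill(root, name, skill_md, scripts=None):
    """Lay out a skill directory on disk from the constructed samples."""
    d = Path(root) / name
    (d / "scripts").mkdir(parents=True)
    (d / "SKILL.md").write_text(skill_md, encoding="utf-8")
    for fname, content in (scripts or {}).items():
        (d / "scripts" / fname).write_text(content, encoding="utf-8")
    return d


def demo():
    """Audit the remote-only package beside its bundled counterpart."""
    with tempfile.TemporaryDirectory() as root:
        remote = audit_skill(write_skill(root, "remote-only", REMOTE_ONLY_SKILL))
        bundled = audit_skill(write_skill(root, "bundled", BUNDLED_SKILL,
                                          {"publish.sh": BUNDLED_SCRIPT}))
    return remote, bundled


if __name__ == "__main__":
    for report in demo():
        print(report["verdict"], report)
```

Run it against the directory you would install from, not the one the scanner saw: the point of the check is that a package which passes as "self-contained" is one whose every executable file you can read before the agent gets Bash over it. A "download-and-run" result is the scanner's verdict reproduced locally, and the fix is to vet the referenced repository and re-audit the bundled copy, not to loosen the check.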

Review Dimensions

Purpose & Capability
note: The name/description claim a 'sync from cloud repo' capability which matches the SKILL.md reference to a GitHub repository. However, the packaged skill provides no code, no concrete sync implementation, and no declared dependencies — it essentially delegates all action to fetching external repo contents, which is an incomplete packaging choice.
Instruction Scope
concern: The SKILL.md tells the agent to 'visit the cloud repo to get the full skill files and instructions' and allows Bash. This is vague and grants broad discretion: an agent could download and execute code from that external repo (or run arbitrary network/shell commands) even though no safe constraints, verification steps, or exact commands are provided.
Install Mechanism
note: There is no install spec (lowest-risk packaging), but the instructions explicitly point to an external GitHub repo as the source of runtime files. GitHub is a known host (not a shortener or personal IP), but because the skill relies on fetching code that is not bundled or vetted, the effective install mechanism is 'download-and-run' which raises risk unless the repo is inspected first.
Credentials
ok: The skill requests no environment variables, credentials, or config paths. There is no apparent demand for unrelated secrets.
Persistence & Privilege
ok: The always flag is false and there is no indication the skill requests persistent system-wide changes or elevated privileges. It does, however, permit autonomous invocation (the platform default).