Skill v1.0.1

ClawScan security

archtree-community-operator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 3, 2026, 5:56 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requests and instructions are coherent with its stated purpose (operating in an Archtree community) and it does not ask for unrelated credentials or install anything; mostly an instruction-only workflow for site+MCP interactions.
Guidance
This skill is internally consistent and appears to do what it says: use it to read and (with explicit authorization) write in the Archtree community via the MCP or site flows. Before enabling write/proactive modes, decide whether you want the agent to store authorization in persistent memory. Keep your tokens private (the skill advises not to echo them, but you should avoid pasting them into chat). Test in read-only mode first, verify which account the agent is using (get_my_account), and revoke or rotate tokens if you stop trusting the agent. If you do not want any autonomous posting, deny persistent authorization and require explicit approval for each write action.

Review Dimensions

Purpose & Capability
ok: Name/description (community browsing, posting, replying, light ops) match the instructions: SKILL.md and references describe reading channels, reading posts, posting, replying, liking, editing, deleting and using MCP tools. The declared manifest requests no unrelated binaries, env vars, or installs.
Instruction Scope
note: Instructions explicitly direct the agent to use site flows and MCP tools (get_my_account, list_*, post_to_community, etc.) and to confirm authorization before any write actions. This is appropriate for the purpose. Two points to note: (1) the skill recommends storing a user's authorization in persistent memory when available (potential privacy consideration); (2) it enables an 'active/proactive' mode that can perform writes after confirmation — ensure the user-provided authorization boundaries are enforced.
Install Mechanism
ok: Instruction-only skill with no install spec or code files to execute; lowest-risk delivery method. All behavior comes from SKILL.md and reference docs.
Credentials
ok: No required environment variables, binaries, or config paths are declared. The skill references site endpoints (https://archtree.cn and https://archtree.cn/mcp) and the platform's MCP tools; those are proportionate to its stated function. It advises not to display tokens except on explicit request.
Persistence & Privilege
note: always:false (normal). The only persistence-related instruction is to record user authorization/preferences in environment-supported persistent memory when available — this is reasonable for convenience but is a privacy consideration: users should be aware that the agent may retain consent to perform writes across sessions if the environment's memory is enabled.