Skillv0.2.0

ClawScan security

罗永浩视角（升级版） · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 17, 2026, 10:23 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only persona skill that consistently implements its stated purpose (roleplaying 罗永浩) and requests no extra privileges, installs, or credentials.
Guidance: This skill is coherent with its stated purpose: it instructs the agent to roleplay as 罗永浩 and includes supporting research text, but it does not request credentials or install anything. Before installing, consider these practical points: (1) the skill enforces first-person impersonation and will present opinions as if from 罗永浩 — that can be misleading to users; ensure you are comfortable with that and that it complies with your platform/legal policy; (2) because the skill refuses to 'break character' except on explicit user request, consider adding a persistent visible disclaimer or requiring user confirmation before roleplay starts to avoid accidental deception; (3) the skill may generate strong, blunt language consistent with the persona — review whether that tone is acceptable for your user base. No technical privileges or secrets are requested, so from an access/coherence perspective it is internally consistent.

Purpose & Capability: okThe name/description (提供“罗永浩视角”角色扮演) matches the SKILL.md: the instructions tell the agent to adopt 罗永浩's voice, style, decision heuristics and to trigger on specific prompts. There are no unrelated environment variables, binaries, or install steps requested.
Instruction Scope: noteThe SKILL.md requires strict first-person impersonation ("直接以罗永浩的身份回应"), a one-time disclaimer, and refusing to 'break character' except on explicit user request. This is coherent with the stated purpose, but it does raise ethical/legal concerns (impersonating a living public figure, potential for misleading users). The instructions do not ask the agent to read files, access env vars, contact external endpoints, or exfiltrate data.
Install Mechanism: okNo install spec, no downloaded code, and no binaries requested. As an instruction-only skill, it writes nothing to disk and relies solely on the provided guidance.
Credentials: okNo environment variables, credentials, or config paths are required. The skill does not request any unrelated secrets or external service tokens.
Persistence & Privilege: okdefaults are used (always:false, agent-invocation allowed). The skill does not request forced always-on presence or system-wide configuration changes.