Skill v1.0.1
ClawScan security
task-status · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 18, 2026, 10:46 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions, requirements, and external call are coherent with its stated purpose (querying job status); it requires no credentials or installs and only calls the declared API endpoint.
- Guidance: This skill appears to do exactly what it says: call the AICNIC jobs API and return data.jobState. Before installing, consider whether you trust the remote endpoint (www.aicnic.cn) and how it handles the job identifiers you send. Note that the SKILL.md uses plain HTTP (not HTTPS): if jobIds or job metadata are sensitive, unencrypted transport exposes them to anyone on the network path, and an on-path attacker could also alter the returned jobState before the agent acts on it. If the target API should require authentication in your environment, verify how credentials would be provided and whether the skill would need changes to support secure access.
Review Dimensions
- Purpose & Capability (ok): Name and description match the runtime instructions: the SKILL.md explicitly calls the AICNIC jobs API and extracts jobState. There are no unrelated env vars, binaries, or config paths requested.
- Instruction Scope (note): Instructions are narrowly scoped to taking a jobId, calling the specified API, and parsing data.jobState. One security/privacy note: the SKILL.md uses plain http:// (not HTTPS), so requests and responses (including the jobId and status) are sent unencrypted over the network; this may expose sensitive job identifiers or metadata in transit.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files. Nothing is written to disk or installed, which is the lowest-risk install model.
- Credentials (ok): The skill requests no environment variables, credentials, or config paths, which is proportionate for a simple status-querying skill.
- Persistence & Privilege (ok): The always flag is false and the skill does not request elevated or persistent privileges. Autonomous invocation is allowed (the platform default) and is not combined with other concerning privileges.
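Four of the five dimensions above (transport, install mechanism, credentials, persistence flag) are mechanical and can be checked without a model, which is useful when you want to re-verify a verdict locally or triage many skills before a full review. The following is an added example, not ClawHub's or ClawScan's code. It assumes a SKILL.md with a `---`-delimited `key: value` front matter, treats the front-matter keys `install`, `env`, `requires` and `credentials` as the places a skill would declare installs or secrets (an assumption; the real manifest schema is not on this page), and uses a constructed SKILL.md whose host and path are placeholders rather than the skill's real www.aicnic.cn endpoint, which the page does not show. The jobId format accepted by `validate_job_id` is likewise assumed.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample SKILL.md modelled on the task-status skill as the scan
# describes it (take a jobId, call a jobs API, return data.jobState).
# Host and path are placeholders, not the skill's real endpoint.
SAMPLE_SKILL_MD = """\
---
name: task-status
description: Query the status of a submitted job by jobId.
always: false
---
Given a jobId, send GET http://jobs.example.com/api/jobs/{jobId} and
reply with the value of data.jobState from the JSON response.
"""

URL_RE = re.compile(r"https?://[^\s)\"'<>]+")
# $VAR / ${VAR} references are how instruction-only skills usually ask for secrets
ENV_REF_RE = re.compile(r"\$\{?([A-Z_][A-Z0-9_]*)\}?")
# Assumed front-matter keys that would declare installs or credentials
CREDENTIAL_KEYS = ("env", "requires", "credentials")
INSTALL_CMD_RE = re.compile(r"\b(pip|npm|apt-get|curl .*\| *sh)\b")
# Assumed jobId shape; the page does not state one
JOB_ID_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def split_front_matter(skill_md: str):
    """Split SKILL.md into (front-matter dict, body) with a tiny key: value
    parser so there is no YAML dependency. Values are kept as raw strings."""
    lines = skill_md.splitlines()
    if not lines or lines[0].strip() != "---":
        return {}, skill_md
    meta = {}
    for i, line in enumerate(lines[1:], start=1):
        if line.strip() == "---":
            return meta, "\n".join(lines[i + 1:])
        if ":" in line:
            key, _, value = line.partition(":")
            meta[key.strip().lower()] = value.strip()
    return meta, ""


def review_skill(skill_md: str, declared_hosts: set) -> list:
    """Return (dimension, status, message) findings, status in ok/note/warn,
    for the mechanical review dimensions of a ClawScan-style report."""
    meta, body = split_front_matter(skill_md)
    findings = []

    # Instruction Scope: every endpoint must use TLS and hit a declared host
    for url in URL_RE.findall(body):
        u = urlparse(url)
        if u.scheme != "https":
            findings.append(("Instruction Scope", "note", f"plaintext transport: {url}"))
        if u.hostname not in declared_hosts:
            findings.append(("Instruction Scope", "warn", f"undeclared host: {u.hostname}"))
    if not any(d == "Instruction Scope" for d, _, _ in findings):
        findings.append(("Instruction Scope", "ok", "all endpoints use https and match declared hosts"))

    # Install Mechanism: an install spec or shell install commands means code lands on disk
    if "install" in meta or INSTALL_CMD_RE.search(body):
        findings.append(("Install Mechanism", "warn", "skill installs or downloads code"))
    else:
        findings.append(("Install Mechanism", "ok", "instruction-only; nothing written to disk"))

    # Credentials: $VAR references in the body or declared secret keys in front matter
    env_refs = set(ENV_REF_RE.findall(body))
    for key in CREDENTIAL_KEYS:
        env_refs |= set(ENV_REF_RE.findall(meta.get(key, "")))
        if meta.get(key):
            env_refs.add(f"{key}: {meta[key]}")
    if env_refs:
        findings.append(("Credentials", "warn", "requests secrets: " + ", ".join(sorted(env_refs))))
    else:
        findings.append(("Credentials", "ok", "no environment variables or credentials requested"))

    # Persistence & Privilege: always: true asks to run on every turn
    if meta.get("always", "false").lower() == "true":
        findings.append(("Persistence & Privilege", "warn", "always: true requests persistent invocation"))
    else:
        findings.append(("Persistence & Privilege", "ok", "always is false"))
    return findings


def worst_status(findings: list) -> str:
    order = {"ok": 0, "note": 1, "warn": 2}
    return max((s for _, s, _ in findings), key=order.__getitem__)


def validate_job_id(job_id: str) -> str:
    """Refuse jobIds that could smuggle path or query syntax into the request."""
    if not JOB_ID_RE.fullmatch(job_id):
        raise ValueError("jobId has unexpected characters or length")
    return job_id


def extract_job_state(raw: str) -> str:
    """Pull data.jobState out of a JSON body, refusing any other shape so a
    surprising response is not echoed into the agent context as a 'state'."""
    payload = json.loads(raw)
    data = payload.get("data") if isinstance(payload, dict) else None
    if not isinstance(data, dict) or not isinstance(data.get("jobState"), str):
        raise ValueError("response does not contain a string at data.jobState")
    return data["jobState"]


if __name__ == "__main__":
    for dim, status, msg in review_skill(SAMPLE_SKILL_MD, {"jobs.example.com"}):
        print(f"{dim} ({status}): {msg}")
```

Run against the constructed SKILL.md, the only non-ok finding is the plaintext http:// note, matching the scan above; flipping `always` to true or adding a `$TOKEN` reference turns the report into a warn. The strict `extract_job_state` shape check is the point of the last helper: an instruction-only skill that tells the agent to "return data.jobState" will otherwise happily relay whatever a tampered or error response contains.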
