Skill v1.0.0

ClawScan security

Pdd Food Category Master · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 20, 2026, 1:16 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (Pinduoduo food-store operations coaching) is plausible and instruction-only, but there are mismatches and missing provenance that warrant caution before installing.
Guidance
This appears to be an instruction-only Pinduoduo operations playbook rather than code that installs or accesses your system, but treat it with caution: (1) the package has no source or homepage — ask the publisher for provenance and references or examples before trusting operational claims; (2) the SKILL.md declares 'web', 'terminal', and 'file' toolsets — confirm whether the agent will be allowed to run commands or read/write local files and only enable those if you trust the skill; (3) do not provide platform credentials (store account, PDD tokens, or other secrets) unless you verify the author and need the skill to perform actions on your behalf; (4) be skeptical of absolute guarantees like '100% closed-loop' — these are marketing claims, not technical guarantees. If you want to proceed, run it with limited toolset permissions (no terminal/file access) and test on non-production data first.

Review Dimensions

Purpose & Capability
note · The skill claims to provide end-to-end Pinduoduo food-category operations guidance, and the SKILL.md contains detailed SOPs and modules that align with that purpose. However, the package has no source/homepage and an unknown owner, which reduces trust. Nothing in the manifest asks for unrelated cloud credentials or system-wide access, so the capability requests largely match the described purpose.
Instruction Scope
note · SKILL.md is an instruction-only guide focused on operational advice, compliance handling, and SOPs. It does not explicitly instruct the agent to read system files, environment variables, or exfiltrate data. However, the declared requires_toolsets includes 'web', 'terminal', and 'file'; terminal and file access are not obviously required by a pure advisory skill and could enable the agent to run commands or read/write local data if the platform grants those toolsets. The prose also promises aggressive guarantees (e.g., '100% closed-loop', 'zero penalty') which are unrealistic and could mask instructions that push the agent to take questionable actions if given broad discretion.
Install Mechanism
ok · No install specification and no code files (instruction-only), so nothing will be written to disk or downloaded during install. This minimizes installation risk.
Credentials
ok · The skill requests no environment variables, credentials, or config paths. That is proportionate for an advisory skill because it cannot act on behalf of an account without additional secrets. If the skill later asks the user to provide platform credentials to 'perform' fixes, that would be a separate escalation to evaluate.
Persistence & Privilege
ok · always is false and disable-model-invocation is false (normal). The skill does not request persistent privileges, nor does it declare actions that would modify other skills or global agent settings.