Skill v2.1.0

ClawScan security

德胧大佬蒸馏系统 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 27, 2026, 11:51 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
Skill's stated purpose (simulate internal executives) is plausible, but the instructions reference internal/external data sources (Feishu docs, message archives) and sensitive corpora without declaring how those will be accessed — an inconsistency that deserves clarification before installation.
Guidance
This skill simulates named company executives using internal sources (Feishu docs, chat logs, meeting minutes). Before installing, ask the author these questions: (1) How will the skill access Feishu docs/messages — does it require Feishu API credentials or special connectors? (2) Will the skill pull private chat/meeting records automatically, and if so, is that authorized by your org? (3) Where are model outputs sent — any external endpoints? (4) Who audited the role-card source data for privacy/legal risk (defamation, personnel privacy)? If you cannot confirm that it only uses approved corpora and that access is limited, treat it cautiously. For immediate mitigation: only use the skill on non-sensitive, hypothetical scenarios; verify every generated '观点模拟' (opinion simulation) before sharing externally; and get explicit authorization if you want it to access internal chats/meeting notes.

Review Dimensions

Purpose & Capability
note: The name/description (模拟公司高管观点, "simulate company executives' viewpoints") match the SKILL.md: role cards, debate/meeting/opinion modes and example outputs. However, the skill repeatedly cites internal Feishu documents, chat/message archives and meeting minutes as primary data sources while the skill metadata declares no required credentials or config paths. That mismatch (references to private corpora without declared access requirements) is noteworthy.
Instruction Scope
concern: SKILL.md instructs the agent to '读取角色卡' (read the role cards) and to use multi-source corpora including '飞书文档' (Feishu documents), '飞书消息(HASR VESTER采集)' (Feishu messages, collected by HASR VESTER), and '会议纪要/决策记录' (meeting minutes/decision records). Those are sensitive internal artifacts; the doc does not explicitly limit what the agent may read or require consent. The instructions also permit multi-role debate simulation and open-ended '反问诊断' (counter-question diagnosis), which could lead the agent to ask for or aggregate additional internal context. While no explicit system-file or env-var reads are commanded, the implied requirement to pull internal messages is broader than the declared metadata.
Install Mechanism
ok: Instruction-only skill with no install spec, no code files, and no downloads — low installation risk. Nothing will be written to disk by an installer as part of the skill package.
Credentials
concern: Declared requirements list no credentials or config paths, yet the content expects access to Feishu docs, private chat logs and meeting minutes. Either the platform agent already has connectors (possible), or the skill omitted declaring needed access (problematic). The skill also models named real employees/executives — which may require access to internal personnel data; no env or permission declarations are provided to justify that.
Persistence & Privilege
ok: always:false and no install-time persistence. The skill does not request persistent system presence or modify other skills. Autonomous invocation is allowed (platform default) but is not combined with elevated persistence in this package.