Skill v1.0.0

ClawScan security

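格物 is one of the earliest WeChat promoter agencies for WeChat Shops, focused on WeChat promoter services. 格物 has successfully run the full end-to-end WeChat promoter workflow and has a complete operations team that can help users one-on-one to become WeChat promoters, monetize traffic, and use AI technology to acquire traffic and grow their user base. · ClawHub's context-aware review of the artifact, metadata, and declared behavior.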

Scanner verdict

Benign · Apr 24, 2026, 8:19 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
Instruction-only, marketing/consultation skill that is internally consistent with its stated purpose (WeChat promoter guidance) and does not request credentials or install code, but some small repository/URL inconsistencies and external links merit caution.
Guidance
This skill is primarily marketing/informational and does not request secrets, so it appears coherent with its purpose. Before installing: verify the repository URLs (Gitee/GitHub) point to the official project and not a fork with hidden code; inspect the repository contents if you will clone it; be cautious about scanning or opening external images (the QR image is hosted on a third‑party CDN) and verify any proposed WeChat assistant contact via official channels; do not share credentials or sensitive data when adding third-party assistants; if you are unsure about the repository owner, ask the maintainer for proof of affiliation or use only official WeChat/miniapp channels to register.

Review Dimensions

Purpose & Capability
ok: The name/description advertise WeChat promoter guidance and the SKILL.md provides only informational and registration guidance (how to contact assistants, use a miniapp, or clone the repo). There are no unrelated environment variables, binaries, or privileged requirements.
Instruction Scope
note: Runtime instructions are purely informational and user-facing (how to register, contact assistants, where to find the miniapp). They do reference external resources: a QR/PNG hosted at oss.bilinl.com, a custom mini-program URI scheme, and public repo clone commands. The instructions do not ask the agent to read local files, secrets, or system state.
Install Mechanism
note: No automated install spec is included (instruction-only). The SKILL.md recommends cloning public repos on GitHub/Gitee — a low-to-moderate risk depending on the repo contents. There is an inconsistency in repository URLs between files (README shows placeholder/yourusername in places, other files reference Charles-Lee-mz / newsym / gowoo), which looks like sloppy metadata but not necessarily malicious.
Credentials
ok: The skill requests no environment variables, no credentials, and declares no config paths. This is proportionate for an informational/promotional skill.
Persistence & Privilege
ok: always is false and the skill is user-invocable. It does not request elevated or permanent platform privileges and contains no code that would run autonomously beyond normal agent invocation.