Skill v1.0.1

ClawScan security

LingJi运营工单分析 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 12, 2026, 7:51 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and instructions match its stated purpose (analyzing LingJi work-order Excel files and producing terminal summaries or a PDF); I found no requests for unrelated credentials, no network exfiltration, and no hidden behavior.
Guidance
This skill appears coherent and implements only local analysis of an Excel export and PDF generation. Before installing: (1) ensure the Excel you process does not contain sensitive PII you don't want handled; (2) be aware 'playwright install chromium' will download a browser binary (normal for Playwright); (3) run the scripts in an isolated virtualenv as suggested; and (4) if you need higher assurance, review the two included .py files yourself — they contain the full logic and make no network calls or secret accesses.

Review Dimensions

Purpose & Capability
ok
Name/description ask for work-order analysis and PDF report generation; included Python scripts and SKILL.md perform exactly that using pandas/openpyxl and Playwright. No extraneous credentials, binaries, or unrelated capabilities are requested.
Instruction Scope
ok
Runtime instructions limit actions to reading a provided Excel file, computing statistics, classifying text, rendering HTML, and optionally using Playwright to print a PDF. The SKILL.md does not instruct reading unrelated system files, environment secrets, or sending data to external endpoints.
Install Mechanism
note
No built-in install spec; SKILL.md recommends pip install pandas/openpyxl/playwright and running 'playwright install chromium'. This is appropriate for PDF generation but implies downloading a Chromium browser binary at first run (expected for Playwright).
Credentials
ok
The skill requires no environment variables, no config paths, and the code does not read environment/credential values. Requested dependencies are proportionate to the task (data processing + PDF rendering).
Persistence & Privilege
ok
The skill is not always-enabled and has no install-time actions that modify other skills or global agent settings. It does not request elevated or persistent privileges.