v1.0.1

home-insurance-advisor

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:17 AM.

Analysis

This is a coherent instruction-only home-insurance advisor with no code or credentials, but users should avoid sharing more home, asset, or family detail than needed.

GuidanceThis skill appears safe to install as an instruction-only advisor. Use it for general home-insurance planning, but keep disclosures proportionate: city and general home characteristics are usually enough, while exact address, policy numbers, identity documents, and detailed valuables lists should be avoided unless you have a specific need.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation

SeverityInfoConfidenceMediumStatusNote

SKILL.md

您本次提供的个人及房产信息仅用于本次风险分析，不会用于其他用途。

The skill tells the agent to give a privacy reassurance to the user. In context this appears aligned with the advisory purpose, but it is a user-facing assurance rather than a separate technical privacy control shown in the artifacts.

User impactA user may feel more comfortable sharing sensitive home and asset details because of the reassurance.

RecommendationTreat the statement as advisory wording and still limit sensitive disclosures to what is necessary for the current conversation.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

SKILL.md

顺带收集剩余关键信息：... 家庭成员（有无家政/宠物）... 室内贵重物品情况 ... 是否有现有保障 ... 大概预算范围

The skill asks the agent to collect and summarize sensitive household, asset, and insurance-related details in the conversation. This is expected for the stated advisory purpose, and the artifacts do not show persistence or external transmission.

User impactThe user may disclose details about their home, valuables, household members, insurance coverage, and budget.

RecommendationShare only the details needed for the insurance discussion, and avoid giving exact addresses, identification numbers, policy numbers, or highly specific valuables inventories unless truly necessary.