Skill v1.0.0

ClawScan security

德牧洒洒·房车陪伴助手 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 15, 2026, 12:13 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill is a local static web UI that mostly simulates voice assistant features but claims control over external apps (navigation/email/Tencent Meeting) without requesting or showing the credentials, APIs, or integrations needed — this mismatch is suspicious and worth verifying before use.
Guidance
This package appears to be a local demo/static webpage for a voice assistant rather than a fully integrated controller for navigation/email/meetings. Before installing/using:
- Inspect the full assets/index.html (search for fetch/XHR, websocket, window.open, location.href, navigator.registerProtocolHandler, or any external URLs) to see whether it contacts remote servers or attempts to open URL schemes (deep links) that interact with native apps.
- If you plan to use it, open the page in a browser with DevTools open and monitor the Network tab to confirm no unexpected outbound requests occur. Consider blocking network access initially.
- Be aware the page will request microphone (and maybe camera) permission; granting these allows local audio/video capture. Only grant if you trust the source.
- If you expect true integration (e.g., send email, control 高德, join Tencent Meeting), ask the author for details: which APIs or URL schemes are used and whether any credentials or OAuth flows are required. The provided files look like a UI simulator with canned replies, not a complete integration.
- If you cannot verify the remaining script content (truncated here), treat the package as untrusted or run it in a sandboxed environment.

Review Dimensions

Purpose & Capability
note: The name/description promises voice control of navigation (高德), email reply, Tencent Meeting, camera, and web search. The package only contains a static HTML/JS UI (assets/index.html) and no install steps, binaries, or credential requests. For a purely local browser-based assistant that uses deep links or browser APIs, no credentials might be required — but the skill also presents canned responses rather than clear integration code. The claimed integrations are plausible in principle, but the provided files do not demonstrate real integrations.
Instruction Scope
concern: SKILL.md tells the user to copy assets/ and open assets/index.html in a browser and to speak the wake word. The included HTML/JS (partially shown) appears to produce canned replies and UI behavior, not real service calls. The SKILL.md promises control of external apps, but the visible script content returns static responses and does not show calls to external services or URL schemes. The HTML will request microphone/camera permissions in-browser (normal for voice/camera features) — that implies audio/video capture, which is sensitive. The provided files may be only a demo/simulator; the mismatch between promised capabilities and the actual code is the main concern. The remainder of index.html is truncated here, so it is impossible to fully confirm whether remote endpoints or deep-link invocations exist.
Install Mechanism
ok: No install spec and no binaries declared; the skill is instruction-only and delivered as static files the user opens in a browser. This is the lowest install risk model (nothing is written to system paths).
Credentials
ok: The skill requests no environment variables, credentials, or config paths. That is proportionate for a local static web UI. Note: the page will ask for microphone and possibly camera permissions in the browser — these are expected for voice/camera features but are sensitive (audio/video capture).
Persistence & Privilege
ok: No special persistence or platform privileges are requested. Flags show default invocation behavior (not always: true). The skill does not claim to modify agent/system settings.