Skill v0.1.0
ClawScan security
Toutiao · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Mar 16, 2026, 9:10 AM)
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's required artifacts and runtime instructions are consistent with its stated purpose of lightweight retrieval and summarization of public Toutiao pages; it requests no credentials, has no install, and its instructions explicitly limit scraping behavior.
- Guidance: This skill appears coherent and low-risk: it only documents how to summarize public Toutiao pages and does not ask for secrets or install code. Before enabling, confirm your agent/runtime enforces the non-scraping guidance (rate limits, no bulk downloads, respect site ToS). Monitor the skill's network activity for unexpected automated crawling and consider restricting autonomous invocation or adding logging/quotas if you want tighter control.
Review Dimensions
- Purpose & Capability (ok): Name/description (retrieving and summarizing public Toutiao articles/videos) match the SKILL.md content. The skill does not request unrelated credentials, binaries, or config paths.
- Instruction Scope (note): SKILL.md is high-level and limited to public page retrieval, summarization, and channel statistics; it explicitly rejects bulk scraping, API reverse-engineering, video downloads, and recommends manual opening to avoid anti-bot detection. Because instructions are non-prescriptive about how to fetch pages, an agent could still implement automated HTTP requests — the doc asks to avoid that, but enforcement depends on the agent runtime and policies.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files — nothing is written to disk and there are no external downloads to review.
- Credentials (ok): Requires no environment variables, credentials, or config paths; requested access is minimal and proportionate to the stated task.
- Persistence & Privilege (ok): always:false and default invocation settings (agent may call the skill) — no elevated persistence or cross-skill configuration changes are requested.
