Back to skill
Skillv1.0.1
ClawScan security
未来之窗智能门禁参数转换 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 10, 2026, 5:51 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and requirements are consistent with its stated purpose (simple template placeholder replacement) and request no credentials, installs, or unexpected access.
- Guidance
- This skill appears coherent and low-risk for its stated purpose. A few practical notes before installing: (1) SKILL.md and skill.js show version 1.0.0 while the registry lists 1.0.1 — minor inconsistency worth verifying. (2) The regex uses /@(\w+)@/ which only matches ASCII word characters; parameter names with non-ASCII characters (e.g., Chinese) won't be replaced — test if you need non-ASCII support. (3) The skill inserts paramData values verbatim into the output; if you later use the resulting text in commands, SQL, or device configuration, ensure you validate/escape values to avoid injection or misconfiguration. If those points are acceptable, the skill is coherent with its description.
Review Dimensions
- Purpose & Capability
- okThe name/description claim to replace @param@ placeholders with access-control values; the skill declares two input params (templateText, paramData) and the implementation performs exactly that replacement. There are no unrelated credentials, binaries, or config paths requested.
- Instruction Scope
- okSKILL.md and skill.js limit behavior to validating inputs and replacing @name@ placeholders. The instructions do not read files, call external endpoints, or access environment variables beyond the declared inputs.
- Install Mechanism
- okThis is instruction-only (no install spec). The included code is small and does not perform downloads or write to disk outside platform expectations.
- Credentials
- okThe skill requests no environment variables, secrets, or external credentials — proportional for the stated simple transformation task.
- Persistence & Privilege
- okalways is false and the skill does not request special persistence or modify other skills or system settings.