Back to skill
Skillv1.0.0
ClawScan security
市级教育课题申报Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 16, 2026, 4:40 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only assistant for drafting municipal-level education project proposals and its declared inputs/behavior are consistent and proportionate with that purpose.
- Guidance
- This skill appears coherent and low-risk because it is instruction-only and asks for only non-sensitive parameters. Before installing or using it: (1) verify the author/repository/homepage listed in package.json since registry metadata lacked a source; (2) avoid submitting real student-identifiable personal data or confidential school records as input — replace with anonymized placeholders; (3) review generated proposals carefully before submitting them to any official body (the tool produces templates and suggestions, not legally vetted documents); (4) if a future version adds install scripts, external network calls, or environment-variable requirements, treat that as a new risk and re-evaluate.
Review Dimensions
- Purpose & Capability
- noteThe name, description, and SKILL.md all describe generating市级教育课题申报书 and related analyses; the declared requirements are minimal (no env vars, no binaries). This is coherent. Minor inconsistency: registry metadata lists no homepage/source, but package.json includes a repository and homepage fields — worth verifying the upstream repository/author before trusting provenance.
- Instruction Scope
- okSKILL.md contains structured, self-contained instructions and example outputs for three functions (generate_municipal_proposal, analyze_local_education_context, refine_practical_implementation). It does not instruct the agent to read unrelated files, access system paths, or exfiltrate data to external endpoints.
- Install Mechanism
- okThere is no install spec and no code files beyond package.json and SKILL.md, so nothing is written to disk or downloaded by the skill at install time — this is the lowest-risk pattern.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths — the declared inputs are just function parameters about city/school/context, which are proportionate to the stated purpose.
- Persistence & Privilege
- okThe skill does not request persistent presence (always=false), does not modify other skills or system-wide settings, and contains no install-time scripts — no elevated persistence or privileges are requested.