Автоматический поиск клиентов (родителей) для репетитора по математике в группах ВКонтакте с умной фильтрацией и приоритизацией онлайн-запросов.
Analysis
The skill is a coherent VK lead-monitoring helper, but users should notice that it uses a VK service token, runs recurring scans, and stores social-media lead data locally.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
**Настрой расписание**: Установи таймер повторения задачи на каждые **3 часа**.
The skill asks the agent to create recurring monitoring. This persistence is disclosed and central to the monitoring purpose, but users should be aware it may continue running after the initial request.
Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.
**VK_API_TOKEN**: Сервисный ключ доступа приложения (Service Token) для чтения открытых стен.
The skill requires a VK service token to call VK APIs. This is expected for the VK monitoring purpose, but it is still a credential that should be scoped and protected.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
`Дата_Время | Название_Группы | Ссылка_на_пост | Имя_Автора | Текст_Запроса ... | Приоритет | Статус`
The skill stores retrieved VK content, including author names and request snippets, in a persistent CSV lead file. This is purpose-aligned, but it retains social-media data and untrusted text for later use.