Back to skill
Skillv1.0.0
ClawScan security
办公室面积计算器 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 8, 2026, 6:03 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's description, runtime instructions, and included Python script are internally consistent: it performs local office-area calculations, requires no credentials or installs, and does not access external systems.
- Guidance
- This skill appears coherent and low-risk: it runs a simple local Python calculation, asks for no secrets, and its behavior matches the SKILL.md. Before installing, you may want to: (1) verify the author's repository/homepage if you need provenance (the package lists a GitHub URL but owner details are minimal), (2) test the tool with known examples to ensure the calculation assumptions (aisle factor, gross-up factors) match your expectations — the script applies area multipliers that may double-up depending on how you interpret '得房率' — and (3) review or run the included scripts in a controlled environment if you plan to run them locally. If you need stricter guarantees, ask for a signed/reputable source or additional maintainer info.
Review Dimensions
- Purpose & Capability
- okThe name/description match the implementation: the SKILL.md describes inputs (seats, finance, seat size, areas) and the included scripts/calculate.py implements exactly those calculations. There are no unrelated requirements (no cloud creds, binaries, or config paths).
- Instruction Scope
- okSKILL.md instructs the agent to parse natural-language parameter descriptions and call the local calculation script. The instructions do not ask the agent to read arbitrary files, environment variables, or transmit data externally — scope is limited to computing and returning area estimates.
- Install Mechanism
- okNo install mechanism is declared (instruction-only + a small Python script). Nothing is downloaded or written to disk beyond the bundled script; no external packages or untrusted URLs are used.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. The data it needs (numeric parameters) are passed as arguments — proportional to the stated purpose.
- Persistence & Privilege
- okThe skill does not request always:true and does not modify other skills or system settings. It can be invoked normally by the agent but has no elevated persistence or privileges.