Skill v1.0.0

ClawScan security

car-advisor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Verdict: Benign (Mar 13, 2026, 3:15 AM)
Confidence: high
Model: gpt-5-mini
Summary
The skill's instructions, scope, and required resources align with its stated purpose (real-time car Q&A and comparisons); it is instruction-only, requests no secrets or installs, and does not contain obvious incoherence or hidden endpoints.
Guidance
This skill appears coherent and does what it says: perform real-time web searches and assemble car comparisons. Before installing, consider:
(1) privacy: searches and user queries will go to whatever web_search provider the agent uses (they may be logged by that provider and by the target websites);
(2) volume and rate limits: the skill advocates parallel searches and may perform many queries for multi-vehicle comparisons (this can hit rate limits or trigger blocking on some sites);
(3) accuracy: the skill relies on scraped/third-party pages that can be out-of-date or inconsistent, so verify critical data (price, subscription requirements) against official brand pages;
(4) optional paid APIs: if you later supply API keys for juhe/wapi/dongchedi, grant only the minimal permissions and store keys in secure env vars;
(5) autonomous invocation: if you are concerned about automatic network activity, consider restricting autonomous execution or adding usage limits.
Overall there are no obvious coherence or credential-exfiltration issues.

Review Dimensions

Purpose & Capability
ok: Name/description (real-time car Q&A and comparisons) match the SKILL.md: it describes intent parsing, web searches of official sites and auto portals, structured comparison output, and cites appropriate sources. No unrelated environment variables, binaries, or config paths are requested.
Instruction Scope
note: Instructions require broad, parallel web_searches and scraping-like retrieval from many public automotive sites (official pages, dongchedi, autohome, media, forums). This is coherent for the purpose, but the policy to 'always trigger when a topic involves specific models' may cause frequent external queries (privacy/rate-limit considerations). The SKILL.md does not direct reading of local files or other unrelated system state.
Install Mechanism
ok: No install specification or code files — instruction-only skill. This is the lowest-risk install model and consistent with the described behaviour.
Credentials
ok: No environment variables or credentials are required. The references mention third-party paid APIs (wapi.cn, juhe.cn, dongchedi enterprise keys) that would require keys if used, but the skill does not demand those credentials in its manifest — provisioning them would be optional and should be done deliberately.
Persistence & Privilege
ok: Skill is not always-included (always: false) and does not request to modify agent/system configs or persistent credentials. Autonomous invocation is allowed (platform default) but not combined with other privilege escalations.