Chinese Joke Api
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill appears benign: it fetches Chinese jokes from disclosed third-party APIs and shows no evidence of credential use, file access, persistence, or destructive behavior.
This skill is low risk based on the supplied artifacts. Be aware that it makes outbound requests to the listed third-party joke APIs, and returned jokes come from those external services.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill will contact external joke services, so availability and returned content depend on those services.
The script makes network calls to a third-party joke API. This is disclosed and purpose-aligned, uses a timeout, and does not include evidence of sending credentials or local files.
result=$(curl -s --max-time 5 "https://v1.hitokoto.cn?c=j" 2>/dev/null)
Install only if you are comfortable with the skill making outbound requests to the disclosed joke APIs.