Skill v1.0.0
ClawScan security
中文笑话库 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign, Mar 13, 2026, 4:05 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This skill is internally coherent: it provides a local Chinese joke database and the included scripts read from a local jokes.json with no external network or secret access.
- Guidance: This skill appears safe and self-contained: it only reads the bundled jokes.json and prints jokes. Before installing, you may want to (1) inspect jokes.json for any content you find inappropriate, (2) be aware of a small bug when requesting a non-existent type (the Python script will error instead of printing a friendly message), and (3) run the scripts in a normal user context (no special privileges needed). No network calls or credentials are requested by the skill.
Review Dimensions
- Purpose & Capability: ok. The name/description claim a local joke library with no external APIs. The package contains a local jokes.json and simple scripts that load and print jokes; all required pieces match the stated purpose.
- Instruction Scope: note. SKILL.md only directs running the included local scripts and editing jokes.json. The runtime instructions do not request other files, environment variables, or network endpoints. Minor issue: scripts/joke.py contains a small bug (print(..., error=True); print() doesn't accept an 'error' kwarg), which would raise an exception if a requested type is not found; this is a correctness bug, not an indication of malicious intent.
- Install Mechanism: ok. No install spec; this is instruction-only plus two simple local scripts. Nothing is downloaded or installed during use.
- Credentials: ok. No environment variables, credentials, or config paths are required. The skill does not request access beyond reading its local jokes.json file.
- Persistence & Privilege: ok. always=false and no special persistence or system-wide configuration is requested. Autonomous invocation is allowed by platform default but the skill itself does not request elevated privileges.
