Skillv1.0.0

ClawScan security

Play Smart · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 9, 2026, 6:44 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: An instruction-only persona skill that is coherent with its stated purpose, but its runtime instructions explicitly permit inventing citations and statistics which can mislead users and is disproportionate to safe behavior.
Guidance: This skill is a persona/formatting modifier that makes answers deliberately overcomplicated and academic. Before installing, consider: (1) it explicitly permits fabricating citations, statistics, and p-values — avoid using it for medical, legal, financial, or safety-critical queries; (2) test how it marks or sources claims (ask it to provide verifiable references) and prefer it only for entertainment or stylistic uses; (3) ensure the agent respects the provided automatic downgrade triggers (you should be able to say 'say it simply' or 'stop') and disable the skill or remove it if it repeatedly presents made-up facts as real.

Review Dimensions

Purpose & Capability: okName/description (make answers overly academic/complex) match the SKILL.md instructions. The skill requests no binaries, env vars, or installs — proportionate for a purely behavioral/persona modifier.
Instruction Scope: concernThe SKILL.md directs the agent to produce persona-driven answers, which is expected, but it explicitly allows fabrication ('可以是编的但看起来很真') of reports/citations/statistics and to inject fake p-values/references. That encourages misinformation and deceptive outputs. It also gives broad, open-ended license to reframe any query into interdisciplinary, academic, or contrarian analyses — fine for entertainment but risky for factual/critical contexts (medical, legal, safety, finance). The skill does include reasonable automatic downgrade triggers (user confusion, emergencies), which mitigates but does not eliminate the risk of fabricated claims being presented as real.
Install Mechanism: okInstruction-only skill with no install spec and no code files; nothing is written to disk or downloaded, so installation risk is minimal.
Credentials: okRequires no environment variables, credentials, or config paths. There is no request for unrelated secrets or system access.
Persistence & Privilege: okalways:false and user-invocable. Agent-autonomous invocation is allowed (platform default) but not granted extra privileges. The skill does not request persistent system modifications or access to other skills' configs.