Back to skill
Skillv1.0.0
ClawScan security
ACG-Rust 教学工具 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 2, 2026, 3:43 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is a self-contained, local Python teaching tool whose required files, runtime instructions, and requested capabilities align with its stated purpose.
- Guidance
- This skill appears coherent and self-contained: it runs a local Python script that presents static teaching content and keeps progress in memory. If you plan to install it: (1) review the bundled scripts (already done) and confirm no network calls or hidden execs—this script has none; (2) run it in a sandbox or isolated environment if you prefer extra caution; (3) be aware the SKILL.md example uses a hardcoded workspace path—ensure the path matches where the skill is installed; (4) because the code is bundled, also check updates from the skill author before trusting future versions. Overall the footprint is small and proportional to an educational tool.
Review Dimensions
- Purpose & Capability
- okName/description (ACG-themed Rust ownership teacher) match the included files: a SKILL.md, two reference docs, and a single Python script implementing teaching functions. The only declared runtime dependency is python3, which is appropriate and proportional.
- Instruction Scope
- noteSKILL.md instructs running the included Python script from the agent workspace (hardcoded example path ~/.openclaw/workspace/skills/acg-rust-teacher/scripts/acg-rust-teacher.py). Instructions remain within the educational scope and do not request reading unrelated files or external secrets. Note: the path assumption is workspace-specific and brittle but not malicious.
- Install Mechanism
- okThere is no external installer or network download. The SKILL.md references installing the provided local file (scripts/acg-rust-teacher.py). All code is bundled with the skill—no third-party packages or remote URLs are involved.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. The Python code does not read environment variables or external secrets and uses only standard-library imports. Requested privileges are proportionate to the stated functionality.
- Persistence & Privilege
- okalways is false and default autonomous invocation is allowed (normal). The skill does not modify other skills or system configuration. Learning progress is tracked in-memory in the Python object (no persistent storage or external transmission).