daily-gushiwen

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill appears to fetch public poetry content from a specified website and send it back, with no credential use, hidden code, or persistence shown.

This appears safe for its stated purpose. Before installing, be aware that it fetches content from gushiwen.cn and may send public image URLs in messages; keep its use limited to those public sources.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#ASI02: Tool Misuse and Exploitation

Low

What this means

The agent may contact an external public website and run a curl-style fetch to prepare the response.

Why it was flagged

The skill directs the agent to invoke a command/web-extraction tool and make an external request. This is disclosed and aligned with the skill's purpose, but users should know it depends on runtime tool access.

Skill content

使用 exec+curl 或 tavily_extract 访问 https://www.gushiwen.cn/

Recommendation

Keep execution limited to the listed public site and avoid expanding the shell command or sending content elsewhere without user approval.