daily-gushiwen

PassAudited by ClawScan on May 1, 2026.

Overview

This skill appears to fetch public poetry content from a specified website and send it back, with no credential use, hidden code, or persistence shown.

This appears safe for its stated purpose. Before installing, be aware that it fetches content from gushiwen.cn and may send public image URLs in messages; keep its use limited to those public sources.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Low

#ASI02: Tool Misuse and Exploitation

What this means

The agent may contact an external public website and run a curl-style fetch to prepare the response.

Why it was flagged

The skill directs the agent to invoke a command/web-extraction tool and make an external request. This is disclosed and aligned with the skill's purpose, but users should know it depends on runtime tool access.

Skill content

使用 exec+curl 或 tavily_extract 访问 https://www.gushiwen.cn/

Recommendation

Keep execution limited to the listed public site and avoid expanding the shell command or sending content elsewhere without user approval.