Back to skill
Skillv1.0.0
ClawScan security
NBATI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 11, 2026, 1:20 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only basketball personality quiz that only uses its bundled question/type files and asks users 8 questions — its requested resources and behavior match its stated purpose.
- Guidance
- This skill appears coherent and low-risk: it only reads its included question and type files and interacts with users via questions/answers. Before installing, consider that user answers (personal preferences) will be handled by the agent — if your platform logs conversation history or sends telemetry, quiz answers may be retained externally. If you need stronger privacy, confirm where conversation logs are stored or disable telemetry; otherwise this skill is fine to use for light, local Q&A.
Review Dimensions
- Purpose & Capability
- okName and description (NBATI 篮球人格测试) match the contents: the skill is instruction-only, uses two local reference files for questions and type mapping, and requires no binaries, env vars, or external services. There are no disproportionate requirements.
- Instruction Scope
- okSKILL.md narrowly instructs the agent to randomly pick 8 non-repeating questions from references/questions.md, prompt the user sequentially, record answers, compute scores using the mapping in references/types.md, and produce a formatted result card. The instructions do not ask the agent to read unrelated files, access credentials, or send data externally. Handling of partial answers is explicitly scoped to producing a result with a playful comment.
- Install Mechanism
- okNo install spec and no code files beyond SKILL.md and two reference markdown files. Instruction-only skills have minimal disk/system impact; nothing is downloaded or executed.
- Credentials
- okThe skill declares no environment variables, no credentials, and no config paths. That is proportionate for a local quiz that reads bundled question/type files.
- Persistence & Privilege
- okalways is false and the skill does not request persistent system presence or privileged operations. Autonomous invocation is allowed (platform default) and is appropriate for a user-invoked quiz. The skill does not modify other skills or system configs.