Back to skill
Skillv1.0.0
ClawScan security
中文繁简转换 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 27, 2026, 12:55 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code and instructions are consistent with a local Chinese simplified/traditional converter that requires a local OpenCC Python library; nothing in the files suggests unexpected network exfiltration or unrelated privileges.
- Guidance
- This skill appears to do exactly what it says: local Chinese simplified/traditional conversion using the OpenCC library. Before installing: (1) ensure you have Python 3.6+; (2) install the dependency manually with `pip install opencc-python-reimplemented` (SKILL.md mentions 'opencc' and '自动安装' but the bundle contains no automatic installer); installing that package will download from PyPI (network) unless you install from an offline wheel; (3) review the small script (it only imports OpenCC and does local conversion). If you need strictly zero network activity, pre-install the OpenCC package in an offline-controlled environment. Otherwise this skill is coherent and low-risk.
Review Dimensions
- Purpose & Capability
- okName/description (local simpl./trad. conversion with custom dictionary) matches the included Python script which uses OpenCC for local conversion; no unrelated credentials, binaries, or external services are requested.
- Instruction Scope
- noteSKILL.md describes usage and conversion directions correctly and gives example prompts. It claims the OpenCC dependency is "自动安装" but there is no install spec; the script prints an instruction to run `pip install opencc-python-reimplemented` if the library is missing. This mismatch is minor but worth noting.
- Install Mechanism
- noteNo install spec is provided (instruction-only), which is low-risk. However, the skill depends on a Python package (opencc/opencc-python-reimplemented) that must be installed by the user (or agent) from PyPI, which would require network access at install time—SKILL.md's "自动安装" is not implemented in the bundle.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. The single dependency (OpenCC) is appropriate and proportional to the stated functionality.
- Persistence & Privilege
- okalways is false and there is no code that modifies other skills or system-wide settings. The skill does not request persistent elevated privileges.