Skill v1.0.0
ClawScan security
商务用餐 (Business Meals) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 11, 2026, 1:21 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's documentation and runtime instructions are coherent for a business-meal assistant, but two unexplained mismatches (a python3 requirement with no code to run it on, and an internal 'required: true' flag that contradicts the registry's always:false) and missing integration details warrant caution.
- Guidance: This skill reads as a well-written business-meals documentation and instruction pack, but two things do not add up: the SKILL.md metadata requires 'python3' even though the skill is instruction-only with no code, and the metadata flag 'required: true' conflicts with the registry's always:false. The API list also hints at backend calls, yet no endpoints or credential requirements are declared. Before installing or enabling this skill:
  1. Ask the publisher why python3 is marked as required and whether any code or runtime will actually be executed.
  2. Request the concrete API endpoints and the credentials (if any) the skill will need; ensure any credentials are declared and limited in scope.
  3. Verify the skill's source and maintainer (there is no homepage) and prefer skills with a known repository or publisher.
  4. If you allow the agent network access, monitor which endpoints it calls the first time this skill is used.
  If the publisher cannot justify the python3 requirement and the missing integration details, treat the skill as higher risk and do not install it.
Review Dimensions
- Purpose & Capability: note
  Name and description match the provided instructions (meal application, policy checks, order management). However, the SKILL.md metadata declares a required binary 'python3' even though the skill is instruction-only with no code files; that binary requirement is unexpected and not justified by the content. The SKILL.md also carries the metadata 'required: true' while the registry flags show always:false, another mismatch.
- Instruction Scope: ok
  The SKILL.md content is descriptive and stays within the domain (inputs, outputs, APIs, UI examples). It does not tell the agent to read local files, environment variables, or system configuration, nor to exfiltrate data. The API list is present but endpoints and auth details are not specified (see the Credentials note below).
- Install Mechanism: ok
  No install spec and no code files are present, so nothing is written to disk or downloaded by default. This lowers installation risk.
- Credentials: note
  The skill declares no required environment variables or credentials, which is reasonable for a documentation-only skill. However, the API interface section implies calls to backend services but gives no endpoints or auth requirements; if a real integration exists it would likely need credentials that are not declared here. That is an information gap.
- Persistence & Privilege: ok
  The skill does not request always:true and declares no persistence or system-wide configuration changes. Autonomous invocation is allowed (platform default) but there are no extra privilege flags.
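The three findings above (a declared binary with nothing to execute, a skill-side 'required' flag contradicting the registry's always flag, and API wording with no endpoint or declared credential) can be checked locally before install. The Python below is an added example, not ClawHub's scanner or the skill's own code. It assumes a SKILL.md whose frontmatter carries a `metadata:` line holding JSON with `openclaw.requires.bins`, `openclaw.requires.env` and an `openclaw.required` flag (the real schema is not shown on this page), and it takes the registry flags as a dict from the caller. The SKILL.md it audits is constructed to mirror the scanner's observations, not the real skill.

```python
"""Pre-install consistency checks for a skill directory (added example).

Assumed SKILL.md layout (not taken from the page): YAML-style frontmatter with a
`metadata:` line whose value is JSON, e.g.
  metadata: {"openclaw":{"requires":{"bins":["python3"],"env":[]},"required":true}}
Registry flags (e.g. {"always": False}) are supplied by the caller.
"""
import json
import re
import tempfile
from pathlib import Path

CODE_SUFFIXES = {".py", ".sh", ".js", ".ts", ".rb", ".go", ".rs"}
FRONTMATTER_RE = re.compile(r"\A---\r?\n(.*?)\r?\n---\r?\n?(.*)\Z", re.S)
URL_RE = re.compile(r"https?://[^\s)>'\"]+")
API_RE = re.compile(r"\bAPI\b")


def parse_skill_md(text):
    """Split SKILL.md into (frontmatter dict, markdown body).

    Frontmatter is treated as flat `key: value` lines; the `metadata` value is
    decoded as JSON when possible and otherwise kept as a raw string.
    """
    m = FRONTMATTER_RE.match(text)
    if not m:
        return {}, text
    meta = {}
    for line in m.group(1).splitlines():
        key, sep, val = line.partition(":")
        if not sep:
            continue
        key, val = key.strip(), val.strip()
        if key == "metadata":
            try:
                val = json.loads(val)
            except ValueError:
                pass
        meta[key] = val
    return meta, m.group(2)


def audit_skill(skill_dir, registry_flags):
    """Return [(code, detail)] findings; an empty list means nothing suspicious."""
    skill_dir = Path(skill_dir)
    meta, body = parse_skill_md((skill_dir / "SKILL.md").read_text(encoding="utf-8"))
    raw = meta.get("metadata")
    oc = raw.get("openclaw", {}) if isinstance(raw, dict) else {}
    requires = oc.get("requires", {}) if isinstance(oc.get("requires"), dict) else {}
    findings = []

    # 1. A required binary is only justified if the skill ships something to run.
    bins = requires.get("bins", [])
    code_files = [p for p in skill_dir.rglob("*")
                  if p.is_file() and p.suffix in CODE_SUFFIXES]
    if bins and not code_files:
        findings.append(("unjustified-binary",
                         f"requires bins {bins} but ships no code files"))

    # 2. The skill's own 'required' flag must agree with what the registry shows.
    if oc.get("required") is True and registry_flags.get("always") is False:
        findings.append(("flag-mismatch",
                         "metadata required:true but registry always:false"))

    # 3. Talking about an API without an endpoint or a declared credential is a gap:
    #    a real integration needs both, and undeclared credentials cannot be scoped.
    env = requires.get("env", [])
    if API_RE.search(body) and not URL_RE.search(body) and not env:
        findings.append(("undeclared-integration",
                         "body references an API but declares no endpoint or env credential"))
    return findings


# Constructed SKILL.md mirroring the scanner's observations (not the real skill).
CONSTRUCTED_SKILL_MD = """---
name: business-meals
description: Meal application, policy checks and order management for business dining.
metadata: {"openclaw":{"requires":{"bins":["python3"],"env":[]},"required":true}}
---
# Business meals assistant

## API interface
The assistant calls the meal-policy API to check limits and submit orders.
"""


def demo(with_code=False):
    """Write the constructed skill to a temp dir and audit it against always:false."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "SKILL.md").write_text(CONSTRUCTED_SKILL_MD, encoding="utf-8")
        if with_code:  # a shipped script would justify the python3 requirement
            Path(d, "check_policy.py").write_text("print('stub')\n", encoding="utf-8")
        return audit_skill(d, {"always": False})


if __name__ == "__main__":
    for code, detail in demo():
        print(f"{code}: {detail}")
```

Run against the constructed skill, `demo()` reports all three findings; dropping a `.py` file next to SKILL.md (`demo(with_code=True)`) clears only the binary finding, which is the point: the registry mismatch and the undeclared integration still need an answer from the publisher, not a file on disk.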
