Back to skill
Skillv1.0.0
ClawScan security
数字公式计算器-招投标价格 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 11, 2026, 1:28 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only Excel/math formula helper for bid-scoring that asks for no credentials, installs nothing, and whose runtime instructions match its stated purpose.
- Guidance
- This skill appears coherent and low-risk: it is an instruction-only helper for parsing and computing Excel-like formulas and does not ask for credentials or install code. Before relying on results for important decisions, (1) verify numeric outputs with your own checks or a trusted calculator, (2) test edge cases (zero denominators, extreme values) as the skill itself recommends, and (3) avoid pasting any sensitive data into the formulas you submit. If you later follow README's manual install instructions (git clone or running code snippets locally), review any downloaded code before executing it on your machine.
Review Dimensions
- Purpose & Capability
- okThe name/description (Excel formula parsing, step-by-step calculation, boundary checks for bidding scores) aligns with the content of SKILL.md and README. There are no unexpected credentials, binaries, or config paths required.
- Instruction Scope
- okSKILL.md contains only formula-parsing, stepwise arithmetic and validation guidance. It does not instruct reading unrelated files, accessing environment variables, nor transmitting data to external endpoints. It explicitly recommends user confirmation before final output.
- Install Mechanism
- okNo install spec and no code files — instruction-only. README mentions optional manual install commands (npx/git clone) for a hypothetical repo, but the distributed skill itself writes nothing to disk and does not download or execute remote code.
- Credentials
- okNo environment variables, credentials, or config paths are requested. The README/skill examples include a small JS function snippet for illustration only; no secrets or unrelated service tokens are required.
- Persistence & Privilege
- okSkill flags: always=false, user-invocable=true, disable-model-invocation=false (normal). The skill does not request persistent or elevated privileges and does not modify other skills or system settings.