cambridge
v0.1.0Information assistant for Cambridge University 剑桥大学. Get mission info, latest reports, member states, and organizational resources.
⭐ 0· 38·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name, description, and SKILL.md consistently describe an information assistant for Cambridge University that uses web search. Nothing requested (no env vars, binaries, or installs) is out of scope. Minor content oddity: the SKILL.md mentions "member states," which is terminology more typical of intergovernmental organizations rather than a university — this is likely a wording/accuracy issue rather than a security concern.
Instruction Scope
The runtime instructions are limited: they state the skill will use web search to fetch info from official sites and news sources. There are no instructions to read local files, environment variables, or to transmit data to unknown endpoints.
Install Mechanism
No install spec or code files are present — the skill is instruction-only, so nothing will be written to disk or installed during use.
Credentials
The skill declares no required environment variables, credentials, or config paths. There is no disproportionate request for secrets or system access.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system presence. Model invocation is allowed (the platform default), but that is normal and not combined with other privileges here.
Scan Findings in Context
[no-findings] expected: Regex scanner had nothing to analyze because this is an instruction-only skill with a single SKILL.md file; that absence of findings is expected.
Assessment
This skill is low-risk: it only describes using web searches to summarize public information about Cambridge University and requests no credentials or installs. Before installing, consider: (1) verify results against authoritative sources (e.g., https://www.cam.ac.uk) because web-sourced summaries can be incomplete or out-of-date; (2) note the minor wording oddity around "member states" — confirm the skill uses the correct domains and publications for university-specific info; (3) the skill's source/homepage is unknown, so if provenance matters (maintenance, updates), prefer skills with a clear repo or publisher; (4) because it can be invoked by the agent, monitor initial outputs to ensure it isn’t returning unexpected external links or instructions. If you want minimal risk, keep this skill user-invocable only and review its responses before acting on them.Like a lobster shell, security has layers — review code before you run it.
latestvk970xep5nqz6z0mkyhp9cczzy1840k06
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🏛️ Clawdis