Back to skill
Skillv1.0.0
ClawScan security
Play Doh · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 28, 2026, 12:03 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only skill that provides a short Chinese-language historical article about Play‑Doh; it requests no credentials, installs nothing, and its runtime instructions are purely informational and consistent with the description.
- Guidance
- This skill is a harmless, read-only article about Play‑Doh in Chinese. It requests no secrets, installs nothing, and does not instruct the agent to access files or network resources. Because it has unknown provenance (no homepage or source listed), you may choose to only allow it for explicit, user-invoked use — but from a security/coherence perspective it is internally consistent and low-risk.
Review Dimensions
- Purpose & Capability
- okThe skill name and description claim to be a historical/marketing case study of Play‑Doh; the SKILL.md is exactly that article in Chinese and does not request unrelated capabilities or resources.
- Instruction Scope
- okSKILL.md contains only content and a small 'read_when' metadata list describing contexts in which the text is relevant. It does not instruct the agent to read local files, access environment variables, call external endpoints, or collect user data.
- Install Mechanism
- okNo install spec and no code files are present. As an instruction-only skill, it writes nothing to disk and does not pull external packages or binaries.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. There is no disproportionate or unexplained access requested.
- Persistence & Privilege
- okalways is false and the skill has no install behavior that would modify agent state or other skills. Autonomous invocation is allowed by default but the skill's instructions pose no additional risk.