Skill v1.0.0
ClawScan security
Zhejiang · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 18, 2026, 8:23 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's description (providing a brand overview for 'zhejiang') matches its instructions and it requests no installs, credentials, or system access.
- Guidance: This skill appears coherent and low-risk: it only instructs the agent to summarize information about a brand and asks for no credentials or installs. Before relying on it for decisions, ask the agent to cite primary sources (official site, regulatory filings, reputable news) and verify facts independently — LLMs can hallucinate or present outdated information. If you need confidentiality or audited sources for business use, prefer manual verification or a skill that requires and documents trusted data sources.
- Findings: [no-findings] expected: Regex scanner found nothing; this is expected for an instruction-only SKILL.md with no code files. Absence of findings is not proof of factual accuracy of content produced at runtime.
Review Dimensions
- Purpose & Capability: ok. The name/description promise (brand history, business overview, market and competition) aligns with the SKILL.md guidance; no unrelated capabilities or credentials are requested.
- Instruction Scope: ok. SKILL.md contains only high-level guidance to gather and present brand information when asked. It does not instruct reading local files, accessing environment variables, or transmitting data to unexpected endpoints. It is somewhat vague about sources (expects the agent to '汇集' information), which is normal for an information-summary skill.
- Install Mechanism: ok. No install spec and no code files are present (instruction-only), so nothing is written to disk or installed — lowest-risk installation footprint.
- Credentials: ok. The skill declares no required environment variables, credentials, or config paths; there is no demand for unrelated secrets or access.
- Persistence & Privilege: ok. always:false and default autonomous invocation are used. The skill does not request permanent presence or modify other skills or system settings.
