Back to skill
Skillv0.1.0
ClawScan security
白月光 | Moonlight Map · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 7, 2026, 2:21 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This instruction-only journaling/reflection skill is internally coherent with its stated purpose and does not request extra credentials, installs, or system access.
- Guidance
- This skill appears coherent and low-risk because it's instruction-only and asks for nothing beyond what the user types. Before installing or using it: avoid pasting real names, contact details, workplaces, addresses, or screenshots containing PII; treat its output as reflective writing, not professional therapy; if you are in crisis or have self-harm thoughts follow the crisis guidance it gives and contact real-world help; and remember the skill's source is unknown—if privacy is a concern keep sensitive details out of the conversation.
Review Dimensions
- Purpose & Capability
- okName/description (emotional-mapping, journaling) match the SKILL.md instructions: collecting 'fragments', producing a structured '月光档案' and an optional unsent letter. No unexplained requirements (no env vars, binaries, or config paths).
- Instruction Scope
- okThe runtime instructions are narrowly focused on conversational prompts, structuring user-provided fragments, labeling uncertainty, and crisis escalation. They explicitly forbid role‑playing the other person and limit collection of identifiable information. The skill does not instruct reading files, environment, or sending data to external endpoints.
- Install Mechanism
- okThere is no install spec and no code files—this is an instruction-only skill. That minimizes on-disk risk and the static scanner had nothing to analyze.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. All data comes from user input and the SKILL.md explicitly minimizes collection of PII. Requested access is proportionate to the stated functionality.
- Persistence & Privilege
- okFlags show always:false and standard agent invocation behavior. The skill does not request persistent or elevated privileges and has no install step that would alter other skills or system settings.