Skill v1.1.0
ClawScan security
China Shopping · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 15, 2026, 12:19 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally coherent: it uses a local Python script and bundled JSON data to recommend Chinese shopping platforms, requests only python3, and does not ask for credentials or network access.
- Guidance: This skill appears to be what it claims: a local, offline recommender that reads bundled data and prints suggestions. It does not request credentials or make network calls. Before installing, consider: (1) review the bundled data files if you need to ensure recommendations match your expectations (there are duplicate/unused data files present), (2) the code is local Python — run it in a safe environment if you want to validate outputs, and (3) the SKILL.md and code have minor maintenance mismatches (unused JSON files and duplicated mappings) but nothing indicating exfiltration or malicious behavior.
Review Dimensions
- Purpose & Capability (ok): Name/description match the actual implementation. The skill only requires python3 and the included data files to map product names to categories and recommend platforms — all appropriate for a shopping-recommendation skill.
- Instruction Scope (note): SKILL.md instructs the agent to run the local CLI (python3 china-shopping.py ...), which matches the code. Minor inconsistencies: the README and SKILL.md list data/product_mapping.json and data/general_fallback.json as used files, but the CLI loads data/categories.json and uses an internal PRODUCT_KEYWORDS table; product_mapping.json and general_fallback.json are present but not actually read by the code. This is a coherence/maintenance issue but not a security risk. The instructions do not direct reading unrelated system files or environment variables.
- Install Mechanism (ok): No install spec; this is instruction-only with a bundled Python script and local JSON files. Nothing is downloaded or executed from external URLs at install time.
- Credentials (ok): The skill requests no environment variables, no credentials, and no config paths. This is proportionate to its stated function.
- Persistence & Privilege (ok): always:false and no requests to modify other skills or system configuration. The skill runs only when invoked and does not demand elevated persistence.
