Skillv0.1.0

ClawScan security

dianping · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 15, 2026, 4:28 AM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is an instruction-only assistant for evaluating Dianping listings; its requirements and instructions match its described purpose and it does not request unrelated credentials or install code.
Guidance: This skill appears coherent and does what it claims (help judge Dianping listings). Before using it, decide whether you want the agent to open pages or capture screenshots from your browser — avoid giving login credentials or sharing private pages unless you explicitly want it to inspect logged-in content. Remember that 'benign' here means the skill's behavior matches its description, not that it can't make mistakes; review any recommendations before acting on them.

Purpose & Capability: okName/description (Dianping review/deal/store vetting) align with the included reference files and SKILL.md. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope: noteRuntime instructions stay on-topic (review analysis, deal judgment, store comparison). The browser workflow mentions inspecting public pages and using screenshots and restricting logged-in pages to 'user' only when necessary — this is coherent but requires explicit user consent before accessing any logged-in content or capturing screenshots containing personal data.
Install Mechanism: okNo install spec and no code files — instruction-only skill; nothing is written to disk or downloaded during install.
Credentials: okThe skill requests no environment variables, credentials, or config paths. The scope of access implied by the instructions (web page inspection) is proportional to the stated purpose.
Persistence & Privilege: okalways is false and disable-model-invocation is false (normal). The skill does not request permanent presence or elevated system privileges.