Skillv1.0.2

ClawScan security

Dream Interpretation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 31, 2026, 1:28 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's instructions, required resources, and scope are coherent with a web-grounded Chinese dream-interpretation helper — nothing requested or installed is disproportionate to its stated purpose.
Guidance: This skill appears internally consistent, but consider two practical cautions before enabling it: (1) privacy — dreams often contain sensitive personal details; confirm how your agent performs web searches and whether user-provided dream text will be transmitted to external search providers or logged by third parties, and get user consent before searching with identifying details. (2) source quality and hallucination risk — the skill relies on aggregating web pages; prefer authoritative or well-known Chinese sources and avoid accepting fabricated citations. If you need stricter guarantees, require the skill to ask the user for permission before issuing web searches or to restrict searches to a configured allowlist of domains. If the skill later adds code, downloads, or requests credentials or external service endpoints, re-evaluate as that would be a significant red flag.

Purpose & Capability: okName/description (Zhougong-style + modern psychology) match the SKILL.md: it explicitly requires web searches for traditional sources and synthesizes a psychological view. There are no unrelated environment variables, binaries, or installs requested.
Instruction Scope: noteInstructions are narrowly scoped to extracting dream symbols, performing web searches (2–4 sources), synthesizing traditional and psychological interpretations, and asking clarifying questions. Note: it requires sending user-provided dream text to web search engines (potential privacy exposure) and depends on external sources for accuracy; the SKILL.md forbids inventing citations but does not mandate redaction or user consent for sending sensitive content to search.
Install Mechanism: okInstruction-only skill with no install spec or code files — lowest-risk installation footprint (nothing is written to disk or executed locally by the skill).
Credentials: okThe skill requires no credentials, env vars, or config paths. Its external-network behavior (web searches) is appropriate for the described task, so requested permissions are proportional.
Persistence & Privilege: okalways is false and the skill is user-invocable. It does not request persistent system-wide privileges or modify other skills. Autonomous invocation is allowed by platform default but is not combined with other high-risk factors here.