Skill v2.0.1
ClawScan security
elm · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 23, 2026, 12:46 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requests and instructions align with its stated purpose (assisted Ele.me cart building) and it does not ask for unrelated credentials or install arbitrary code.
- Guidance: This skill appears coherent and limited to building Ele.me carts after you authenticate via the official Ele.me interface. Before installing: (1) confirm you will not be asked to paste passwords or tokens into chat — the skill states it will not request login secrets and expects you to log in yourself; (2) be prepared to review the cart and complete payment manually; (3) remember the platform/agent will need the ability to open/resume your Ele.me browser session or UI — ensure you trust the environment that provides that capability; (4) if you have concerns, avoid enabling autonomous invocation or remove the skill after use. If the platform offers logs or permission controls, verify the skill’s interactions and revoke session access when finished.
Review Dimensions
- Purpose & Capability (ok): Name and description match the runtime instructions: the skill intends to resume an authenticated Ele.me session, read visible coupons/addresses/cart state, search merchants, build a basket, and add items to the cart. It does not request unrelated environment variables, binaries, or config paths.
- Instruction Scope (ok): SKILL.md keeps actions tightly scoped to Ele.me interactions (confirm address, read visible coupons, build cart, hand off for payment) and explicitly forbids asking for or storing login secrets. The instructions assume the platform/agent can open or resume an Ele.me browser/session and interact with UI state; this is reasonable but is an operational dependency rather than a security mismatch.
- Install Mechanism (ok): Instruction-only skill with no install spec or downloaded artifacts. Nothing is written to disk or fetched at install time, minimizing install-time risk.
- Credentials (ok): No environment variables, credentials, or config paths are required. The skill only states it will operate on the user's existing authenticated Ele.me session after the user has logged in, which is proportional to its purpose.
- Persistence & Privilege (note): always:false (not forced into every agent run). The skill can be invoked autonomously by the agent (platform default), and its ability to act on an authenticated session increases potential impact if misused — but SKILL.md documents consent rules and no storage. Consider platform enforcement of those behavioral constraints.
