Skillv1.0.0

ClawScan security

补货参谋 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 4, 2026, 9:04 AM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's files and runtime instructions are coherent with its stated purpose (household replenishment planning); it asks for no unrelated credentials, has no install actions, and does not instruct the agent to access system secrets or external endpoints.
Guidance: This skill appears internally consistent and matches its description. Before using it: (1) avoid pasting or uploading account credentials, payment information, or sensitive screenshots — order screenshots and receipts may contain personal data; redact them if necessary. (2) The skill will ask for pantry/menu/order inputs to estimate depletion — provide only the minimum data needed. (3) It explicitly disallows login/auto-ordering, so do not expect it to place orders or use your e‑commerce accounts; if a future version asks for API keys or login tokens, treat that as a major change and re-evaluate. (4) Autonomous invocation is allowed by default (normal), so monitor what context you give to the agent and revoke access if the skill's behavior changes.

Review Dimensions

Purpose & Capability: okName/description (PantryPilot / 补货参谋) match the contained files and runtime instructions: the package is an instruction-only skill that maps pantry/menu inputs to platform routing and three-plan restock outputs. It does not request unrelated credentials or binaries and contains only documentation and a simple publish script for the developer workflow.
Instruction Scope: noteSKILL.md confines the agent to household replenishment tasks and references only the included docs. It asks the user to provide pantry snapshots, menus, and order screenshots — those are legitimate inputs for the stated task, but they can contain personal data (addresses, order history) so users should avoid sharing sensitive account credentials or payment info. The SKILL.md explicitly disallows logging-in/auto-ordering behavior, which aligns with the stated safety boundary.
Install Mechanism: okNo install spec is present (instruction-only skill). Only one script (scripts/publish.sh) is included for publishing; it depends on clawhub/node for developer publishing and does not modify runtime behavior for end users. There are no downloads or extract/install operations that would write arbitrary code to disk at runtime.
Credentials: okThe skill declares no required environment variables, no primary credential, and no config paths. This is proportionate to a planning/advisory skill that operates on user-provided inventory/menu data rather than connecting to user accounts.
Persistence & Privilege: okSkill flags: always=false (not forced-in), disable-model-invocation=false (standard autonomous invocation allowed). This is a normal default and is not combined with broad credential requirements or other privilege escalation. The skill does not request to modify other skills or system-wide agent settings.