Skill v0.1.5
ClawScan security
Voice Ai Integration · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 25, 2026, 11:49 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent with its stated purpose: it's a Shengwang/ConvoAI routing and documentation helper that fetches official docs and can inspect sample repos; it does not request credentials or perform unexpected installs.
- Guidance: This skill appears to do what it says: route Shengwang/ConvoAI questions to the correct product docs and, when needed, fetch official docs or clone example repos from gitee.com. Before installing or allowing the agent to run it, consider: 1) Review the two helper scripts (fetch-docs.sh, fetch-doc-content.sh) so you know exactly which URLs will be requested and where files will be written. 2) Be prepared that the agent may fetch documentation or clone sample repos into a temporary path — confirm you are comfortable with network access to doc.shengwang.cn, doc-mcp.shengwang.cn, and gitee.com. 3) The skill does not request credentials upfront, but using product APIs later will require your Shengwang/third‑party keys; provide those only when you explicitly choose to perform actions that need them. 4) If you want stricter control, disable autonomous invocation for this skill or require the agent to ask for permission before performing network fetches or cloning repositories.
Review Dimensions
- Purpose & Capability: ok. Name/description match the files and instructions: local reference docs, routing rules, and doc-fetch helper scripts are appropriate for a Shengwang/ConvoAI integration helper. Network targets (doc.shengwang.cn, doc-mcp.shengwang.cn, gitee.com) and git cloning of sample repos are expected for this purpose.
- Instruction Scope: note. Runtime instructions require running scripts to download a docs index and to fetch individual doc pages, and they may git-clone sample repos for inspection. The SKILL.md includes safety rules (state downloads, prefer temp paths, don't modify user projects until asked). It also instructs the agent to route automatically to product modules when intent is clear, which can lead to fetching docs or cloning repos without extra confirmations — not inherently malicious but worth noting for user consent.
- Install Mechanism: ok. No install spec; this is instruction-only plus two small shell helper scripts. That is low-risk compared with arbitrary downloads or package installs. The documented network sources are standard (official doc host and gitee).
- Credentials: ok. The skill's metadata does not request environment variables or credentials. The reference docs list many provider-specific env var names (LLM/TTS/ASR) but only as informational requirements for using Shengwang services — they are not required by the skill itself at install time.
- Persistence & Privilege: ok. The skill is not always-included and does not request elevated privileges. It instructs temporary repo cloning and avoiding writing into the user's main workspace unless explicitly asked. Autonomous invocation by the agent is allowed (platform default) but not combined with other red flags.
