Skill v1.0.0
ClawScan security
Lanxin Link Card · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 23, 2026, 9:17 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's files are minimal and generally match its stated purpose, but a metadata mismatch (requesting always-on inclusion inside SKILL.md) and the SKILL.md's strict 'output raw JSON only' rule create potential for unexpected activation or data-leakage misuse — review before installing.
- Guidance
- The skill itself is small and matches its stated purpose, but two practical concerns merit caution: (1) SKILL.md embeds openclaw.always=true while the registry shows always:false — verify whether the skill will be force-enabled persistently (never install a skill that will be always-on without reviewing it). (2) The skill forces the agent to output only raw JSON (no explanatory text). That makes outputs easy to consume programmatically but also makes accidental inclusion of sensitive content harder to spot. Before installing: confirm the platform's handling of the SKILL.md metadata, test the skill in a safe environment, avoid sending prompts that request inclusion of any secrets or system info into the card fields, and consider adding usage limits or auditing to detect unexpected activations.
Review Dimensions
- Purpose & Capability
- note · Name/description, the single small index.js, and SKILL.md all align with a simple 'send a link card' capability. Nothing in the code or manifest requires extra credentials or system access. However, the SKILL.md metadata includes an 'openclaw':{"always":true} entry which conflicts with the registry flag (always:false) and suggests the author intended stronger persistence than the registry shows.
- Instruction Scope
- concern · SKILL.md mandates that the agent output only raw linkCard JSON and absolutely no other text or explanations. While coherent with the stated purpose of emitting a link card payload, that strict behaviour increases risk: it makes the agent emit unwrapped, machine-parsed output that could be misused (or unintentionally leak sensitive content) if prompts ask the agent to include system- or user-provided data in the JSON. The instructions do not tell the agent to read files or credentials, but their absolute nature reduces safeguards and auditing of what the agent includes in the JSON.
- Install Mechanism
- ok · No install spec and no external downloads: this is an instruction-heavy skill with a tiny benign index.js. Low install risk.
- Credentials
- ok · The skill requests no environment variables, credentials, or config paths. The declared runtime requirements are minimal and proportionate to the described task.
- Persistence & Privilege
- concern · Registry flags show always:false (good), but SKILL.md metadata contains openclaw.always=true. If the platform honored that metadata, the skill would request persistent inclusion (higher privilege). Combined with the SKILL.md's enforced raw-output behavior and high trigger priority, this could increase unintended activations or broaden the blast radius. Confirm which 'always' setting is authoritative before installing.
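The Instruction Scope and Persistence concerns both come down to the same gap: a skill that emits only raw JSON gives a reviewer nothing to read, so whatever the agent put in the card fields goes straight to the consumer. A gate between the agent and the Lanxin send call can restore that audit point. The block below is an added example, not code from the page or from the skill; the linkCard field names (`title`, `url`, `description`, `image`), the secret patterns, and the sample replies are constructed assumptions.

```python
"""Output gate for a skill that must emit raw linkCard JSON.

Parses the agent's reply, enforces an allowlist of card fields, and refuses
cards whose values look like secrets or system details, returning a reason
for every rejection so activations can be logged. Added example; the field
names and secret patterns are assumptions, not the skill's real schema.
"""
import json
import re

# Assumed linkCard schema: anything outside this set is refused.
ALLOWED_FIELDS = {"title", "url", "description", "image"}

# Value patterns that should never leave the agent inside a link card.
SECRET_PATTERNS = [
    (r"\bsk-[A-Za-z0-9]{20,}", "api-key-like token"),
    (r"-----BEGIN [A-Z ]*PRIVATE KEY-----", "private key"),
    (r"(?i)\b(?:password|passwd|secret|token)\s*[:=]\s*\S+", "credential assignment"),
    (r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b", "AWS access key id"),
]
URL_SCHEMES = ("https://", "http://")


class CardRejected(ValueError):
    """Raised with a reason whenever the card must not be forwarded."""


def gate_link_card(reply):
    """Validate one agent reply; return the card dict or raise CardRejected."""
    # 1. The skill promises raw JSON, so any wrapper text is itself a violation.
    try:
        card = json.loads(reply)
    except json.JSONDecodeError as e:
        raise CardRejected(f"not raw JSON: {e.msg}")
    if not isinstance(card, dict):
        raise CardRejected("card is not a JSON object")
    # 2. Only the known fields are forwarded; extra keys are a leak channel.
    extra = set(card) - ALLOWED_FIELDS
    if extra:
        raise CardRejected(f"unexpected fields: {sorted(extra)}")
    # 3. String values only, each scanned for secret-like content.
    for key, value in card.items():
        if not isinstance(value, str):
            raise CardRejected(f"field {key!r} is not a string")
        for pattern, label in SECRET_PATTERNS:
            if re.search(pattern, value):
                raise CardRejected(f"field {key!r} contains {label}")
    # 4. The link must be a web URL, not a file path or other scheme.
    if not card.get("url", "").startswith(URL_SCHEMES):
        raise CardRejected("url must be http(s)")
    return card


def audit(reply):
    """Return (accepted, card_or_reason) so every decision can be logged."""
    try:
        return True, gate_link_card(reply)
    except CardRejected as e:
        return False, str(e)


# Constructed agent replies: one clean card, one with explanatory text,
# one that smuggles a credential into a field, one with an extra field.
SAMPLE_REPLIES = [
    '{"title": "Release notes", "url": "https://example.com/notes", "description": "v1.0"}',
    'Here is the card: {"title": "x", "url": "https://example.com"}',
    '{"title": "t", "url": "https://example.com", "description": "token=abc123"}',
    '{"title": "t", "url": "https://example.com", "env": "PATH=/usr/bin"}',
]

if __name__ == "__main__":
    for reply in SAMPLE_REPLIES:
        accepted, detail = audit(reply)
        print("ACCEPT" if accepted else "REJECT", detail)
```

Logging the `audit` result for each activation also gives the usage auditing the guidance recommends: a burst of gated cards from a skill that the registry says is not always-on is exactly the unexpected-activation signal to look for.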
