Skillv1.0.0

ClawScan security

客观原则评价技能 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 6, 2026, 2:10 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This instruction-only skill is internally consistent with its stated purpose (an objective design/product evaluator) and requests no installs, credentials, or system access.
Guidance: This skill appears low-risk: it is an instruction-only evaluator that asks the model to apply three design frameworks and produces a structured verdict. Before installing, note that (1) it has no external access or credentials so it cannot exfiltrate secrets, (2) outputs depend on the model's knowledge and prompts you give it—check for hallucinations or unjustified claims, and (3) when using it, supply only the product information you want evaluated (avoid pasting sensitive data). If you need stricter control, disable autonomous invocation or review outputs before acting on them.

Purpose & Capability: okThe name/description match the SKILL.md: it provides a three-lens evaluation framework (Fadell/Norman/Rams). There are no unrelated requirements (no credentials, binaries, or config paths) that would be disproportionate to an evaluator skill.
Instruction Scope: okSKILL.md contains only evaluation questions, scoring rules, usage patterns, and an example output format. It does not instruct the agent to read files, access environment variables, call external endpoints, or collect unrelated system data.
Install Mechanism: okNo install spec and no code files — the skill is instruction-only, which minimizes disk/network installation risk.
Credentials: okThe skill declares no environment variables, credentials, or config paths. Nothing requested is disproportionate to a product/design evaluation task.
Persistence & Privilege: okalways is false and the skill is user-invocable; it does not request persistent or elevated presence. Autonomous invocation is allowed by default but not combined with other risky factors here.