Skillv1.0.0

ClawScan security

Liyou Setting Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 13, 2026, 6:14 PM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's declared purpose (manage worldbuilding and novel chapters) matches its instructions and resource requirements, but it includes behavior (automatic saves and automatic creation/modification without asking) that you should understand before enabling.
Guidance: This skill appears coherent for managing a fiction world and saving chapters, but pay attention to its automatic behaviors: it is instructed to create or update settings and novel chapters without asking the user and claims to save changes locally (persist across restarts). Before enabling: (1) confirm the platform-provided functions (updateSetting, addSettingSubItem, saveNovelChapter, updateNovelChapter) are present and trusted; (2) back up your current world/novel data so automatic writes can't overwrite important content; (3) verify where data will be stored and who can read it; (4) if you want manual confirmation before changes, either modify the skill or disable the automatic rules. Finally note the skill source/homepage is unknown — consider the lack of provenance when deciding to enable it.

Review Dimensions

Purpose & Capability: okName/description match the runtime instructions: the SKILL.md defines functions to query/add/update world settings and novel chapters and describes exactly those behaviors. No unrelated binaries, env vars, or external services are requested.
Instruction Scope: noteInstructions keep scope to the worldbuilding/novel system and only reference four internal tool functions (updateSetting, addSettingSubItem, saveNovelChapter, updateNovelChapter). However, the rules mandate automatic actions: modify settings 'directly' without asking and automatically save chapters and add new characters when they are mentioned. Those behaviors are broad (silent writes) and may be surprising; SKILL.md also claims data will be saved to local files across restarts but does not specify paths or consent/confirmation flows.
Install Mechanism: okThis is an instruction-only skill with no install spec and no code files, so nothing is written to disk by the skill package itself.
Credentials: okThe skill requires no environment variables, credentials, or config paths. Nothing requests unrelated secrets or system credentials.
Persistence & Privilege: notealways:false and agent invocation/autonomy are default. The notable persistence claim is that edits are 'automatically saved to local files' and survive restarts — the skill does not declare or request explicit filesystem paths or permissions. The combination of autonomous action rules and persistent writes is a behavioral risk (unexpected persistent changes) rather than a mismatched technical requirement.