Skill v1.0.0

ClawScan security

Shuidibao · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 18, 2026, 6:48 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only assistant for recommending and explaining ShuiDiBao insurance products; its required resources and instructions are consistent with that purpose and it does not request credentials or perform risky installs.
Guidance
This skill is instruction-only and appears coherent for providing ShuiDiBao product explanations and purchase suggestions. Before installing or relying on its advice: 1) be aware it has no declared connection to ShuiDiBao APIs or an official data source (its recommendations may be generic or out of date); 2) avoid pasting highly sensitive personal data beyond the necessary context (age, general health, budget); and 3) verify any concrete purchase recommendations against ShuiDiBao's official product pages and the policy wording before buying. If you need live product lists or official quotes, prefer a skill or integration that declares an authenticated API connection to ShuiDiBao or an official source.

Review Dimensions

Purpose & Capability
ok
The name and description describe an insurance-product advisor and the SKILL.md contains only guidance for asking user context (age, health, budget), interpreting policy terms, comparing products, and giving purchase suggestions — all consistent with the stated purpose. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
ok
Runtime instructions are limited to collecting user-provided context and explaining/contrasting policy terms and offering advice; they do not instruct the agent to read system files, access environment variables, or transmit data to external endpoints. Note: the skill does not include any mechanism to fetch live ShuiDiBao product data, so recommendations will be based on the agent's knowledge and user-provided details rather than an authenticated API.
Install Mechanism
ok
No install spec and no code files are present (instruction-only), so nothing is written to disk and no external packages or downloads are performed.
Credentials
ok
The skill does not request any environment variables, credentials, or config paths. This is proportionate to an advisory-only assistant that does not integrate with external APIs or services.
Persistence & Privilege
ok
The skill is not marked always:true and does not request elevated or persistent privileges. It can be invoked by the user or autonomously per platform defaults, which is expected behavior for a skill of this type.