Skillv1.0.0

ClawScan security

gbt-47041-autism-rehab · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 30, 2026, 3:48 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is internally consistent with its stated purpose: it bundles the GB/T 47041-2026 text, guidance, and a local search script and does not request unrelated credentials, installs, or network access.
Guidance: This skill appears coherent and self-contained: it bundles the standard text, a concise operational guide, a clause map, and a local Python search script. Before installing, consider: 1) confirm you trust the unknown source/owner and are comfortable with the included MIT No Attribution license; 2) if you need PDF search the script optionally imports pypdf and expects a PDF at assets/GBT-47041-2026.pdf — missing pypdf or the PDF will make those commands fail but not perform harmful actions; 3) the skill is not a substitute for legal, medical, or official accreditation advice (SKILL.md already warns to verify against the source PDF/competent authority); 4) review any institution data you feed into the skill for privacy — the skill bundle itself does not exfiltrate data, but avoid pasting personally identifiable or sensitive records into general-purpose agents unless you control where outputs are stored. If you want higher assurance, ask the publisher for provenance (who authored/published the package) or request a signed copy of the official PDF.

Purpose & Capability: okName/description match the included assets (full standard in assets/, operational guide, clause map) and a helper script to search the bundled text. No unrelated environment variables, binaries, or install steps are requested.
Instruction Scope: okSKILL.md limits runtime actions to reading the bundled Markdown/reference files and using the provided search script; it explicitly tells the agent to verify high-stakes claims against the source PDF. Instructions do not request reading unrelated system files or transmitting data externally.
Install Mechanism: okNo install specification is present (instruction-only with one helper script). The helper script uses only local files and an optional pypdf dependency; there are no downloads from external URLs or extract/install behaviors.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. The bundle operates on local files included in the skill; no secrets are requested.
Persistence & Privilege: okalways is false and the skill does not request permanent presence or attempt to modify other skills or system-wide settings. It is user-invocable and may be invoked autonomously by the agent (platform default).