Skillv1.0.0

ClawScan security

study-abroad-advisor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 30, 2026, 12:43 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is an instruction-only study‑abroad advising template with no code, no installs, and no credential or system access requests — its requirements and instructions are consistent with its stated purpose.
Guidance: This skill is internally coherent: it's an instruction-only advising framework and research pack for study‑abroad strategy with no installs or secret requests. Two practical cautions before installing/using: (1) SKILL.md says it will call a 'pptx' skill to generate PPTs — confirm that the pptx skill you allow is trusted and that you're comfortable with any data you provide being sent to it; (2) the skill includes an author contact (WeChat number) — avoid sharing sensitive personal documents or credentials through external contact channels; the advice here is methodological and not a guarantee of admissions, so treat recommendations as guidance and keep any personally identifying or sensitive documents private unless you trust the downstream tool or human you engage.

Purpose & Capability: okName/description (留学申请顾问) match the files and runtime instructions. The files are research and guidance documents and the SKILL.md focuses on assessment, strategy, and PPT output — nothing requests unrelated cloud creds, system access, or capabilities that don't belong to an advising skill.
Instruction Scope: okSKILL.md contains detailed advising workflows, heuristics, and a PPT output template. It does not instruct the agent to read system files, environment variables, or to contact arbitrary external endpoints. It does state it will call a 'pptx' skill to generate PPTX when requested — this is a reasonable delegated capability but relies on the invoked pptx skill's trustworthiness.
Install Mechanism: okNo install spec and no code files that would be written to disk. This is the lowest-risk pattern (instruction-only).
Credentials: okThe skill declares no required environment variables, no credentials, and no config paths. The guidance and templates do not require secrets; therefore requested environment/credential access is proportional (none).
Persistence & Privilege: okalways is false and the skill does not request persistent system presence or privileged configuration changes. It will autonomously invoke (disable-model-invocation is false) which is the platform default and expected for skills; there are no elevated persistence demands.