Skillv0.1.0

ClawScan security

paper-writing-studio · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 30, 2026, 4:01 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's files, instructions, and requested resources are consistent with a paper-writing workflow for news & communication; there are no unexpected credentials, network endpoints, or risky install steps.
Guidance: This skill appears internally consistent and low-risk: it only includes local templates, references, and two small Python helpers for classification and checklist generation. Before using, consider: (1) avoid pasting unpublished sensitive data or full manuscripts into third-party models if you plan to use external LLMs or online search tools the skill recommends; (2) the classification logic is simple rule-based and may misclassify edge cases—verify stage/type before acting; (3) if you plan to run the included scripts, ensure Python is available and review them (they are short and non-networking). If you need the skill to access subscription databases (CNKI, WOS), you will need to provide those credentials separately—this skill does not request or store them.

Purpose & Capability: okName/description (paper-writing workflow for 新闻与传播) match the included assets (stage playbook, topic ideas, templates) and the two small helper scripts. All declared and required resources are appropriate for this purpose.
Instruction Scope: okSKILL.md confines actions to structuring writing stages, recommending tools, reading bundled reference files, and using simple local scripts to classify tasks/generate checklists. It explicitly warns against fabricating citations and not to invent retrieved literature. No instructions request reading unrelated system files or exfiltrating data.
Install Mechanism: okNo install spec (instruction-only) and the only code are two short Python scripts and a set of markdown templates/references. Nothing downloads external archives or creates binaries; low disk/execution risk. Scripts are simple CLI utilities without network calls.
Credentials: okThe skill does not request environment variables, credentials, or config paths. Recommended external tools/services (CNKI, Google Scholar, large models) are suggested for the user/agent to use but are not required by the skill itself.
Persistence & Privilege: okalways is false and the skill does not request persistent system presence or modification of other skills or system-wide settings. Normal user-invocable/autonomous invocation settings are used.