Back to skill
Skillv1.1.0
ClawScan security
Tsinkening AI Resume · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 17, 2026, 2:28 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only skill containing a fictional AI founder's resume; it requests no credentials, performs no installs, and its behavior is consistent with its description.
- Guidance
- This skill is low-risk: it only contains a static, fictional resume and requests no credentials or installs. Before installing, consider: (1) the source/homepage is unknown — if provenance matters to you, prefer skills with a known author or homepage; (2) the persona includes social handles and numeric claims that might be mistaken for real people — do not use this skill as a source of verified facts for hiring, legal, or financial decisions; (3) although the skill itself is harmless, always review any responses for hallucinations or misleading advice. If you need verifiable information, cross-check against authoritative sources.
Review Dimensions
- Purpose & Capability
- okThe name/description (fictional AI resume for '覃科宁') matches the SKILL.md content. The skill requires no binaries, env vars, or config paths — which is appropriate for a read-only persona/profile skill.
- Instruction Scope
- okThe SKILL.md is a static persona/profile and instructs the agent to answer questions about that profile in first- or third-person. It does not direct the agent to read system files, access environment variables, call external endpoints, or transmit data outside the agent context.
- Install Mechanism
- okNo install spec or code files are present (instruction-only). Nothing is downloaded or written to disk, which minimizes install-time risk.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. There is no disproportionate request for secrets or system access relative to the stated purpose.
- Persistence & Privilege
- okFlags are default (always: false, user-invocable: true, disable-model-invocation: false). Allowing autonomous invocation is the platform default but, combined with this skill's lack of permissions or side effects, presents no unusual persistence or privilege concerns.