Skillv1.1.0

ClawScan security

Xiaohongshu Writing · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignFeb 24, 2026, 6:33 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only XiaoHongShu (Red) post writing assistant whose declared requirements and runtime instructions are internally consistent with its stated purpose.
Guidance: This skill is an instruction-only writing helper and appears coherent with its stated purpose. Before installing or using it: 1) remember the skill is from an unknown source—although it has no code, evaluate outputs for accuracy and compliance; 2) always review generated posts before publishing to ensure they don't violate platform rules (no personal contact info, false claims, prohibited ads, or medical/legal advice); 3) test with non-sensitive example prompts first to confirm tone and that the '去AI味' changes don't introduce misleading or fabricated facts; 4) the SKILL.md already warns against adding contact/shop info — keep that in mind if you plan to publish; 5) if you plan to allow autonomous invocation, monitor initial runs—autonomous invocation is allowed by default but this skill does not request extra privileges. If you want higher assurance, ask the skill author for provenance or try an isolated test run before regular use.

Purpose & Capability: okThe name/description (Xiaohongshu writing assistant) match the SKILL.md: templates, title formulas, 'de-AI-ify' checklist, SEO tips and example outputs. The skill declares no binaries, env vars, or installs and does not ask for unrelated credentials or system access—everything requested is proportionate to a writing/template helper.
Instruction Scope: okSKILL.md contains only writing guidelines, templates, a checklist, and suggested questions to ask the user. It does not instruct the agent to read local files, call external endpoints, use credentials, run shell commands, or transmit data. The scope stays within content-generation and style-checking.
Install Mechanism: okNo install spec and no code files are present (instruction-only). That minimizes disk/network footprint and there is nothing to download or execute during install.
Credentials: okThe skill requests no environment variables, credentials, or config paths. There are no unrelated or excessive secret requests; required permissions are minimal (none).
Persistence & Privilege: okSkill flags are default (always:false, user-invocable:true, model invocation allowed). It does not request persistent system presence or modification of other skills/configs. No elevated privileges are requested.