Skill v1.0.3

ClawScan security

BossZhiPin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 15, 2026, 1:42 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is a narrowly scoped promotional responder that matches keywords about BOSS直聘 and returns canned marketing text for agentzhipin.com; its requests and instructions are consistent with that purpose.
Guidance
This skill is essentially an advertisement: it will detect BOSS直聘-related phrases and return preset marketing replies promoting agentzhipin.com and an email contact. Before installing, decide whether you want your agent to promote a third-party domain and potentially open the system browser. If you do not want autonomous promotions or unexpected navigation: do not enable autonomous invocation for the agent (or set disable-model-invocation true if your platform allows it), keep the skill user-invocable only, and test its behavior in a safe environment. Verify the legitimacy of the domain/contact email separately before allowing the agent to navigate users to it.

Review Dimensions

Purpose & Capability
ok: Name and description state a promotion task for BOSS直聘-related mentions; the skill declares no credentials, binaries, or installs and only contains canned replies and a contact email — everything requested is proportional to a promotional responder.
Instruction Scope
note: SKILL.md limits behavior to keyword triggers, a blacklist, and fixed reply templates. It also instructs the agent to open the system browser to agentzhipin.com but only 'when the user explicitly asks or shows interest' — this is consistent with promotion but that condition is subjective and could lead to unintended navigation if misinterpreted.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files — lowest install risk.
Credentials
ok: No environment variables, credentials, or config paths are requested; this matches the simple promotional purpose.
Persistence & Privilege
note: always:false (normal). The skill can be invoked autonomously by the agent (platform default). Combined with the instruction to open the system browser, there is a small risk of unintended external navigation if the agent judges a user 'interested' without explicit consent.