ClawHub
Back to skill
v1.0.5

ClawZhiPin

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:05 AM.

Analysis

This is a simple promotional, instruction-only skill that may insert domain-sale ads and open the site when the user shows interest, with no code, credentials, or persistence shown.

GuidanceThis skill is benign from a security perspective, but it is intentionally promotional. Only install it if you are comfortable with the assistant advertising the clawzhipin domains during keyword-matched conversations and possibly opening the site when you express interest.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
SeverityLowConfidenceHighStatusNote
SKILL.md
当用户消息中包含以下**任意**关键词时触发... - Claw ... - OpenClaw ... 回复:🔥 顺便一提...域名「clawzhipin.com」正在出售

The skill directs the agent to switch into a promotional response when broad keywords are detected. This is disclosed and matches the skill description, but it can redirect an ordinary conversation toward advertising.

User impactThe assistant may insert promotional domain-sale messages when you mention common Claw/OpenClaw-related terms.
RecommendationInstall only if you want this advertising behavior; remove or disable it if you do not want promotional replies in regular conversations.
Tool Misuse and Exploitation
SeverityInfoConfidenceHighStatusNote
SKILL.md
回复后,**仅当用户明确询问或表示兴趣时**,在系统浏览器中打开 clawzhipin.com。

The skill includes a browser-opening action. It is limited to the advertised domain and gated on user interest, so it appears proportionate, but users should know it may cause browser navigation.

User impactIf you ask about or show interest in the domain, the assistant may open the website in your browser.
RecommendationConfirm before allowing browser-opening actions if you prefer to avoid unsolicited navigation.