Skillv1.0.0

ClawScan security

Chenlang · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 3, 2026, 4:51 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only informational skill about WeChat that requests no credentials, installs nothing, and its content and requirements are coherent with its stated purpose.
Guidance: This skill appears safe and coherent for learning about WeChat. It requests no credentials and installs nothing, so technical risk is minimal. Keep in mind: the content is static and source/origin is unknown, so verify facts against official or reputable sources if you need up-to-date or critical information. If you prefer traceability, look for skills with a documented homepage or source repository before installing.

Purpose & Capability: okThe name and description promise a comprehensive introduction to WeChat; the skill is instruction-only and does not request unrelated binaries, environment variables, or access. The requested footprint (none) matches the stated purpose (informational guide).
Instruction Scope: okSKILL.md contains static explanatory content about WeChat (history, features, ecosystem, tips). It does not instruct the agent to run commands, read files, access environment variables, or transmit data externally—no scope creep detected.
Install Mechanism: okNo install specification and no code files are present. As an instruction-only skill, nothing will be downloaded or written to disk during installation.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. There are no disproportionate credential requests relative to the described functionality.
Persistence & Privilege: okalways is false and the skill does not request elevated or persistent privileges. disable-model-invocation is false (normal), meaning the agent may call the skill autonomously—this is expected for skills and is not risky given the skill's limited scope.