Back to skill
Skillv1.0.0
ClawScan security
WeChat Intro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 3, 2026, 4:47 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only, content-focused skill that provides an overview of WeChat and does not request credentials, install software, or perform unexpected actions.
- Guidance
- This skill appears to be a simple, read-only informational guide about WeChat and is internally consistent with that purpose. Before installing, confirm you trust the publisher (source is listed as unknown), and prefer skills from known authors. Because it's instruction-only, it cannot by itself exfiltrate secrets or run code, but an agent with broader platform privileges could still combine outputs with other capabilities — if you have strict security requirements, restrict skill installation to verified publishers and review any future updates for added env requirements or install steps.
Review Dimensions
- Purpose & Capability
- okThe skill's name and description (WeChat overview) match the SKILL.md content, which only contains explanatory text about WeChat features, history, ecosystem and运营建议.
- Instruction Scope
- okSKILL.md contains only static informational content and guidance about WeChat; it does not instruct the agent to read files, access environment variables, call external endpoints, or perform system actions.
- Install Mechanism
- okNo install spec or code files are present; this is instruction-only so nothing is downloaded or written to disk by the skill itself.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths — consistent with its informational purpose.
- Persistence & Privilege
- okThe skill does not request permanent presence (always is false) and does not modify system or other-skill configurations; autonomous invocation is allowed by platform default but is not unusual here.