Back to skill
Skillv1.0.1
ClawScan security
周鸿祎 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 13, 2026, 6:38 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only, informational skill (a short biography/promotional page about 周鸿祎) that does not request credentials, install anything, or instruct the agent to access system files or secrets.
- Guidance
- This skill is essentially a static biography and appears internally consistent. It does not request credentials or install code, so direct risk from the skill itself is low. Before installing or invoking: 1) be aware SKILL.md contains external links and a contact email — clicking or following those could expose you to third-party content or tracking; 2) do not provide any credentials or sensitive data if the agent (or links from it) asks for them; 3) if you prefer extra caution, restrict autonomous agent invocation or review any follow-up actions the agent proposes that involve external sites. If you want deeper assurance, ask the skill author for provenance of the external URLs (are they official) or for an explicit statement about what the agent will fetch when following links.
Review Dimensions
- Purpose & Capability
- okThe skill name and description match the SKILL.md content (biography, timeline, quotes, and promotional links). It does not request unrelated privileges, binaries, or credentials.
- Instruction Scope
- noteSKILL.md is static, prose content and contains no runtime commands, file reads, or instructions to collect/transmit user data. It does include external links and promotional references (OpenClaw project URLs and an email address); those are informational but could lead the user/agent to external sites if followed.
- Install Mechanism
- okNo install spec and no code files to execute. The package.json is metadata-only. Nothing will be written to disk or downloaded by an installer.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. There are no disproportionate secret requests.
- Persistence & Privilege
- okalways is false and the skill does not request persistent system presence or modify other skills/configurations. The default ability for the agent to invoke the skill autonomously is unchanged (normal).