Back to skill
Skillv1.0.0
ClawScan security
Content Goldmine · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 12, 2026, 3:29 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- Instruction-only skill that analyzes articles and extracts reusable writing 'building blocks'; its declared behavior and required resources are consistent with its stated purpose and it does not request unrelated credentials or perform hidden installs.
- Guidance
- This skill is coherent and appears to do what it says: analyze articles and produce reusable 'building-block' cards. Before installing or running it: (1) confirm how the agent will save files (where the Obsidian vault or folder is) and grant file-write permission only to the intended location; (2) avoid asking the skill to process sensitive/private texts you don't want persisted (it recommends saving results); (3) verify copyright/usage rights before submitting third-party articles; and (4) if you need stricter controls, restrict automatic saving and inspect the generated markdown before storing it permanently.
Review Dimensions
- Purpose & Capability
- okName/description (拆解文章、提取写作积木) match the SKILL.md content and the included reference guide. No unrelated binaries, env vars, or credentials are requested; everything needed (analysis, pattern extraction, producing markdown cards) is intrinsic to the stated purpose.
- Instruction Scope
- noteThe runtime instructions describe reading a user-provided article, performing structured analysis, and producing markdown '积木卡片'. They also recommend saving results to the user's material library (e.g., Obsidian vault). This is within scope, but the SKILL.md does not declare how/where the agent will write files or request explicit config paths—confirm the agent's file-write mechanism and destination before automatic saves.
- Install Mechanism
- okNo install spec and no code files — instruction-only. This is the lowest-risk install profile (nothing is downloaded or written by the skill itself).
- Credentials
- okThe skill requires no environment variables, credentials, or configuration paths. It does not ask for unrelated secrets or external service tokens; requested resources are proportionate to its purpose.
- Persistence & Privilege
- okalways:false and standard model invocation settings. The skill does recommend persisting outputs to a user's vault, but it does not request persistent platform privileges or attempt to modify other skills or system-wide settings.