V19 Conformance Test Suite
AdvisoryAudited by Static analysis on May 4, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user obtains and runs the script from somewhere else, its real behavior is not covered by the reviewed package.
The skill instructs users to run a Python script, but the supplied file manifest contains only SKILL.md and no referenced script or install source, leaving the executable implementation outside this review.
python3 V19_Conformance_Test_Suite.py
Only run the Python script from a trusted, reviewable source; the publisher should include the script or provide a pinned, verifiable install source.
Running the suite may create records or keys on the external V19 service and expose normal network metadata such as IP address and timing.
The documented suite is intended to contact an external endpoint and perform registration and audit API calls. This is aligned with a conformance test, but it is still external service interaction.
目标地址: https://boat-atlas-spa-flexible.trycloudflare.com ... 自助注册 | POST注册端点、返回专属密钥 ... 审计调用 | 完整审计流程
Run it only if you trust the target service and endpoint; do not add sensitive test data or private credentials unless the script has been reviewed.
The suite may authenticate to the V19 service using the published key, but the artifacts do not show use of the user's own accounts or credentials.
The skill discloses a built-in public key. It does not request user secrets, so this appears purpose-aligned, but it is still an authentication-like token used with the service.
脚本内置V19公开体验密钥 ... 公开密钥: `v19-e5d585e28439decc614f09f91c4caa8c`
Treat the included key as public and do not replace it with private credentials unless you understand and trust the script.