Skill v1.0.70
ClawScan security
Q Wms · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 26, 2026, 10:15 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions and requirements are internally consistent with a WMS query wrapper that delegates all work to a runtime tool (q-claw); no unrelated secrets, installs, or elevated persistence are requested.
- Guidance: This skill appears coherent and focused: it is a WMS query wrapper that must call a runtime tool named 'q-claw' and follows strict rules (do not fabricate data, follow scene routing, preserve skuCode). Before installing, confirm two operational facts with the skill/provider or platform operator: (1) that the runtime actually provides the 'q-claw' tool and injects tenantKey/openId/context.locale as the SKILL.md expects, and (2) how authorization to your WMS is handled (the skill itself doesn't declare credentials — ensure the platform's q-claw integration will use proper, limited WMS credentials and consent flows). Also verify you trust the q-claw integration because all data access will go through it. If either the tool or the injection of runtime fields is missing, the skill cannot function as documented.
Review Dimensions
- Purpose & Capability (ok): Skill name/description (Q Wms / 千易 WMS 查询) match the SKILL.md routing, scenes, and user flows. The declared capabilities (inventory, orders, tasks, manager briefings, etc.) align with the scenes and rules in the document; nothing outside WMS functionality is requested.
- Instruction Scope (note): The instructions are tightly scoped to WMS queries and repeatedly require calling the runtime tool 'q-claw' (and never fabricating data). This is coherent for a query-only skill. One operational note: the SKILL.md relies on a runtime tool named 'q-claw' and on runtime-injected fields (tenantKey/openId), but the skill declares no required binaries or env. Confirm the hosting platform provides the q-claw tool and injects those runtime fields; otherwise the instructions would be impossible to execute.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files — lowest-risk install profile. Nothing is downloaded or written to disk by the skill itself.
- Credentials (note): The skill declares no required environment variables or credentials, which is proportional for a purely routing/query skill. The SKILL.md references 'context.locale' and runtime-injected values (tenantKey/openId) — these are reasonable but are not declared in the registry metadata. Confirm the runtime provides those values and that no additional credentials (WMS auth) are required from the user outside the platform's usual authorization flow.
- Persistence & Privilege (ok): always:false and user-invocable:true. The skill does not request permanent presence or system-wide configuration changes, and does not ask to modify other skills. Autonomous invocation is allowed (platform default) but is not combined here with broad privileges.
