Skillv1.0.0

ClawScan security

undercover-is-who · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 2, 2026, 2:31 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This skill is internally consistent with its stated purpose (acting as a judge for the Chinese “谁是卧底” game); it contains local scripts and a local SQLite DB and does not request external credentials or network installs.
Guidance: This skill appears to do exactly what it says: run locally to manage a “谁是卧底” game, assign roles, record descriptions and votes, and generate messages. Before installing or invoking it, consider: (1) Persistence/privacy: the skill creates database/games.db inside the skill folder and stores player names and message-sender IDs — if your agent runs in a shared environment, those IDs and game logs could be accessible to others; plan for secure storage or periodic cleanup. (2) Message delivery: the skill assumes the agent will send private messages and has access to message-sender IDs; ensure your agent/platform integration can deliver private DMs and that you give only the minimum required privileges. (3) Disclosure behavior: final vote-announcement logic prints who voted for whom — this is a normal gameplay option but is more revealing than “only who has/hasn’t voted”; review the code if you need a different privacy posture. (4) No external network or secrets are requested by this skill, and there is no install-time download risk. If you need higher assurance, inspect the remaining truncated parts of db.py/game_engine.py to confirm there are no unexpected network calls or hidden behaviors and run the skill in an isolated environment first.

Review Dimensions

Purpose & Capability: okName/description (game judge) match the provided scripts and SKILL.md. The code only reads the bundled word-pairs, creates a local SQLite database inside the skill directory, assigns roles, records descriptions/votes, and generates templates/messages — all expected for a judge automation. There are no environment variables, third-party credentials, or unrelated binaries required.
Instruction Scope: noteSKILL.md is explicit about the judge role, secrecy, when to call scripts, and about binding/verifying message-sender IDs. That scope is reasonable. Two points to note: (1) SKILL.md insists on absolute secrecy of words/roles until game end — the code follows this for words/roles but the vote announcement code (cmd_announce) reveals per-player vote targets (who voted for whom), which is a normal game feature but is a disclosure beyond merely listing who has/hasn't voted (the earlier progress message avoids targets). (2) The skill instructs the agent to send private messages (and to always verify IDs first) but does not provide the platform-specific mechanism for sending those messages; the agent/execution environment must implement private-message delivery properly.
Install Mechanism: okNo install spec; this is instruction-only with bundled Python scripts. No external downloads or package installs are declared. Scripts run locally and create an on-disk SQLite DB in the skill folder.
Credentials: noteThe skill requests no environment variables or external credentials. It does, however, persistently stores player identifiers (player_id / message sender IDs) and game state in a local database under the skill directory. Storing message-sender IDs is necessary for the 'bind-id' / 'verify-id' functionality, but these identifiers can be sensitive in multi-tenant or shared environments — consider that persistent storage of user IDs may be privacy-relevant.
Persistence & Privilege: noteThe skill creates and writes a persistent SQLite database (database/games.db) under its own install directory and logs game state, descriptions, and votes per its design. It does not request always:true, does not change other skills' configs, and does not ask for system-wide privileges. Persisting game data is expected, but be aware of the persistent footprint and where that directory lives and who can access it.