Back to skill
Skillv1.0.2
ClawScan security
学科专家生成 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 16, 2026, 3:57 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only template that generates subject-specific learning assistants using included reference documents; its requirements and behavior are coherent with its stated purpose.
- Guidance
- This skill is instruction-only and self-contained: it uses the bundled reference documents and templates to build personalized subject assistants and does not request credentials or install code. Before installing, consider: (1) For sensitive domains like medicine, do not treat outputs as professional medical advice—verify with qualified experts. (2) Avoid pasting highly sensitive personal data (full legal names, ID numbers, medical records) into prompts; the skill will process whatever the user supplies. (3) The skill may be invoked autonomously by agents (normal platform behavior); if you want to limit automated runs, control skill usage in your agent settings. Overall the package is consistent with its stated purpose and shows no incoherent or disproportionate requests.
Review Dimensions
- Purpose & Capability
- okName/description (academic learning assistant) match the contents: role templates, methodology, and per-subject knowledge-system reference files are included and are the only resources the skill uses. It does not request unrelated credentials, binaries, or system access.
- Instruction Scope
- okSKILL.md directs the agent to collect user requirements, consult the bundled reference files when needed, design assistant roles, and output structured configurations. Instructions do not ask the agent to read unrelated system files, contact unknown external endpoints, or exfiltrate secrets. It does advise using the agent's knowledge and reasoning, which is expected for this type of skill.
- Install Mechanism
- okNo install spec, no code to write or execute, and no downloads — lowest-risk pattern (instruction-only skill). The included references are static markdown files bundled with the skill.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. All environment/credential access is proportionate (none requested). The references include an example contact email and a GitHub URL in documentation, which are benign documentation artifacts.
- Persistence & Privilege
- okalways:false and no install actions mean the skill does not request permanent system presence or elevated privileges. Autonomous invocation is allowed (platform default) but not combined with other red flags.