Back to skill
Skillv1.0.0
ClawScan security
匹配项目solution · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 29, 2026, 12:21 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's description, instructions, and included mapping CSV are consistent: it classifies projects from user-supplied CSV/JSON using the provided asset and does not request credentials, install code, or call external endpoints.
- Guidance
- This skill appears internally consistent and only needs CSV/JSON input plus the included mapping file. Before installing or running: (1) review the included assets/Competency的Solution清单.csv to ensure mappings are accurate and contain no unexpected entries; (2) avoid supplying sensitive PII or credentials in the input data since the skill will process whatever you provide; (3) because the publisher/source is unknown and there is no homepage, prefer running it on test data first and inspect outputs; (4) if you plan to integrate this into automated workflows, confirm no hidden network calls are added by your environment, and periodically verify the mapping file if it should stay up to date.
Review Dimensions
- Purpose & Capability
- okThe name/description state it matches projects to Solution labels; the SKILL.md implements exactly that using the included Competency->Solution CSV. No extra binaries, env vars, or unrelated capabilities are requested.
- Instruction Scope
- okRuntime instructions are limited to validating input fields, loading the included CSV mapping, performing prioritized matching rules, and returning augmented rows. The skill does not instruct reading system files, environment variables, or transmitting data to external endpoints.
- Install Mechanism
- okThere is no install spec and no code files to write or execute; the skill is instruction-only and uses the bundled CSV asset. This is the lowest-risk install profile.
- Credentials
- okThe skill declares no required environment variables, no primary credential, and no config paths. The logic described does not require secrets or unrelated credentials.
- Persistence & Privilege
- okFlags show always:false and normal autonomy settings. The skill does not request permanent presence or system-level changes and does not modify other skills' configs.