Skill v1.0.2

ClawScan security

AntV Skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 9:31 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only generator for AntV G2 v5 chart code and its requirements and instructions are consistent with that purpose.
Guidance
This skill appears to be a documentation-heavy, instruction-only generator for AntV G2 v5 and is internally consistent. Two practical cautions: (1) the skill's source and homepage are unknown — prefer skills from known authors/repos when possible; (2) although the skill itself does not request secrets or perform installs, review any code it generates before executing it in your environment (especially network calls or fetch() URLs) and avoid pasting sensitive credentials into prompts. If you need higher assurance, ask the maintainer for a homepage or source repo, or test the generated snippets in a sandbox/browser environment first.

Review Dimensions

Purpose & Capability
ok: Name/description (G2 v5 chart code generator) match the provided SKILL.md and large collection of G2 references. There are no unrelated env vars, binaries, or config paths requested, and the contained examples and guidance all relate to G2 code generation.
Instruction Scope
ok: The SKILL.md provides detailed rules and examples for producing G2 v5 Spec-mode chart code. It does not instruct the agent to read local files, harvest environment variables, change system state, or send data to arbitrary external endpoints. Example fetch URLs in the docs are sample/data-URL placeholders (e.g., example.com or assets.antv.antgroup.com) used as documentation, not runtime exfiltration steps.
Install Mechanism
ok: No install spec or code files executed at install time; the skill is instruction-only. No downloads, package installs, or archive extraction are present.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. There are no excessive or unexplained secret requests relative to the described functionality.
Persistence & Privilege
ok: "always" is false and the skill is user-invocable with normal autonomous invocation allowed (platform default). There is no indication the skill attempts to change other skills' configs or request permanent elevated presence.