Skill v1.0.0

ClawScan security

Red Alarm · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 29, 2026, 6:05 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This instruction-only skill is internally consistent: its described purpose (小红书 content compliance review) matches the SKILL.md instructions and it requests no installs, credentials, or unusual system access.
Guidance
This skill appears coherent and safe in structure, but keep in mind: (1) it is an offline reviewer — it cannot query 小红书 or verify backend account data unless you provide that information, so its conclusions depend on the accuracy and completeness of the inputs you give it; (2) do not paste sensitive credentials or private tokens into the input — account history is optional and should be redacted if sensitive; (3) it cannot analyze raw images — provide descriptive text for images if you want them reviewed; (4) its recommendations are advisory and do not replace the platform's official moderation decisions. If you need automated checks that query platform APIs or process binary media, prefer a skill that explicitly declares those capabilities, required credentials, and install steps.

Review Dimensions

Purpose & Capability
ok
Name/description describe a content-compliance assistant for 小红书; SKILL.md contains detailed review heuristics, reporting format, and required inputs (text, optional image descriptions, optional account info). Nothing requested (no env vars, no binaries, no installs) is unrelated to the stated purpose.
Instruction Scope
ok
Runtime instructions focus on text-based compliance checks, five-dimension risk reasoning, and producing an explainable Markdown report. It does not instruct reading arbitrary system files, contacting external endpoints, or exfiltrating credentials. It does request account history or posting behavior only if the user supplies it (marked optional). It explicitly notes image analysis is limited to user-provided descriptions.
Install Mechanism
ok
No install spec and no code files; the skill is instruction-only. This has minimal attack surface because nothing is written to disk or downloaded by the skill.
Credentials
ok
The skill requires no environment variables, credentials, or config paths. All data needs are proportional to the task (text, optional metadata provided by the user).
Persistence & Privilege
ok
`always` is false and the skill does not request persistent/system-level privileges or modify other skills. Autonomous invocation is allowed by platform default but is not combined with other red flags here.