Skill v1.0.1

ClawScan security

标书自用调整 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 15, 2026, 2:50 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only bid-document drafting assistant that is internally consistent: it requires no installs, credentials, or system access and its runtime instructions stay within the described purpose.
Guidance
This skill appears coherent and instruction-only, but before installing:
1) Verify the skill author/source (homepage is missing and _meta ownerId in included files differs from registry owner), as provenance is unclear.
2) Do not upload confidential or legally-sensitive tender documents unless you trust the skill/source — the skill will operate on any user-provided documents.
3) If you see an update that adds an install script, environment variables, or non-empty code files, re-evaluate (those would materially change the risk).
4) Prefer skills with a reachable homepage or contact and consistent metadata.

Review Dimensions

Purpose & Capability
ok
Name, description and SKILL.md all describe a bid-document writing workflow and the files provided match that purpose. The skill does not request unrelated binaries, credentials, or config paths.
Instruction Scope
ok
SKILL.md instructs the agent to analyze user-provided tender documents, build matrices/outline, write sections, suggest charts/mermaid, and perform compliance checks — all within the stated scope. It does not instruct reading system files, environment variables, or sending data to third-party endpoints.
Install Mechanism
ok
No install spec is present (instruction-only), so nothing will be downloaded or written to disk by an installer. There is one code file (scripts/save_paper.py) but it is empty, so there is no executable payload bundled.
Credentials
ok
The skill declares no required environment variables, credentials, or config paths. This is proportionate for a writing/analysis skill that operates on user-supplied documents.
Persistence & Privilege
ok
always is false and the default model-invocation settings apply (agent may call autonomously). The skill does not request persistent system-level presence or modify other skills' configs.