Skillv0.1.1

ClawScan security

中文学术论文写作助手 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 29, 2026, 5:18 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This instruction-only skill is internally consistent with its stated purpose (Chinese humanities academic writing assistance); it has no installers, no requested credentials, and its runtime instructions stay within expected scope — but you should still verify any formatted citations and avoid submitting unpublished sensitive materials to any integrated citation skill.
Guidance: This skill appears coherent and low-risk: it is instruction-only, uses only bundled reference files, and asks you to install a separate citation formatting skill for citation-specific work. Before using it: (1) Verify outputs — especially formatted citations and bibliographic entries — because model hallucinations can still fabricate plausible-looking references despite the 'no fabrication' instruction; (2) Avoid pasting highly sensitive or unpublished manuscripts into the skill or into any auxiliary skill (cwphil-citation-style) until you review that skill's privacy/permission requirements; (3) If you install the recommended cwphil-citation-style skill, review its declared permissions, environment needs, and install method to ensure it’s trustworthy; (4) Always run plagiarism checks and final manual edits before submission.

Purpose & Capability: okName/description (Chinese academic writing assistant for humanities) align with the included references and declared behavior. The skill only uses local reference documents and calls an auxiliary citation skill (cwphil-citation-style) for formatting, which is appropriate for the stated purpose.
Instruction Scope: okSKILL.md instructs the agent to load the bundled reference files, guide users through writing stages, and call cwphil-citation-style for citation formatting and checking. It does not instruct reading unrelated system files, contacting external endpoints directly, or accessing credentials. The 'no fabrication' rule is explicit, but model hallucination remains a separate risk requiring human verification.
Install Mechanism: okNo install spec and no code files — instruction-only. Nothing is written to disk or downloaded during install, minimizing supply-chain risk.
Credentials: okThe skill requests no environment variables, no credentials, and no config paths. Its needs are proportionate to an instruction-only writing assistant.
Persistence & Privilege: okalways is false and autonomous invocation is allowed by default (normal). The skill does not request permanent system presence or modify other skills/configs.