Skillv0.1.0

ClawScan security

《中国文哲研究集刊》撰稿格式检查器 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 29, 2026, 12:49 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: An instruction-only citation-format checker whose requirements and instructions align with its stated purpose and request no unrelated credentials or installs.
Guidance: This skill appears coherent and low-risk: it only uses the included style guide and user-provided citation data and explicitly forbids inventing bibliographic information. Before installing or using it, consider: (1) it will process any pasted text or uploaded documents you give it — avoid uploading files containing unrelated sensitive information; (2) always review its corrected/ formatted citations manually (complex style rules can still produce edge cases); and (3) if you plan to let the agent run autonomously, be aware it may act on user-supplied documents when triggered — the skill itself requests no external credentials or installs.
Findings: [no-findings] expected: The regex-based scanner had nothing to analyze because this is an instruction-only skill with no executable code files. That is expected for a pure guidance/formatting skill.

Purpose & Capability: okThe skill's name and description (a citation/format checker for 《中國文哲研究集刊》) match the provided artifacts: an instruction SKILL.md and a local style guide (references/citation-guide.md). It requests no binaries, env vars, or external installs that would be unnecessary for formatting/checking citations.
Instruction Scope: okRuntime instructions are narrowly scoped to: (1) reading the included style guide, (2) extracting/formatting citations from user-provided inputs (pasted text, uploaded PDFs, etc.), (3) flagging missing fields instead of fabricating data. There are no instructions to read unrelated system files, contact external endpoints, or exfiltrate secrets.
Install Mechanism: okNo install spec and no code files (instruction-only). This minimizes disk writes and external code execution risk. There is no download/installation step to review.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. That is proportionate to a local citation-formatting/checking task.
Persistence & Privilege: okFlags show always: false and the normal user-invocable/autonomous-invocation defaults. The skill does not request permanent presence or elevated privileges and does not modify other skills or system-wide settings.