Back to skill
Skillv0.1.0
ClawScan security
Ximalaya · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMay 1, 2026, 7:25 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5.5
- Summary
- This instruction-only skill is limited to light analysis of public Ximalaya pages and does not request credentials, installation, persistence, or local/system access.
- Guidance
- Before installing, confirm you are comfortable with the agent visiting public Ximalaya pages for light content analysis. The provided artifacts do not show hidden code, credential access, persistence, or broad automation.
Review Dimensions
- Purpose & Capability
- okThe stated purpose—summarizing public program, album, host, ranking, and interaction metrics—is coherent with the SKILL.md instructions.
- Instruction Scope
- okThe instructions explicitly limit use to public pages, light analysis, controlled request frequency, and no downloads, reverse engineering, API calls, or bulk scraping.
- Install Mechanism
- okThere is no install spec, no required binaries, no required environment variables, and no code files; the skill is instruction-only.
- Credentials
- okThe artifacts do not request filesystem access, local credentials, browser cookies, privileged system access, or unrelated external services.
- Persistence & Privilege
- okNo persistence, background execution, account authority, credential use, or privilege escalation is described.