intelligent driving dss智能驾驶决策支持系统
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is an instruction-only vehicle and traffic-law knowledge skill with no executable code or credentials, but its driving/legal outputs and any future update/API actions should be treated as advisory and user-approved.
This skill appears safe to install as a static, instruction-only knowledge base. Treat its driving, legal, market, and safety recommendations as advisory rather than authoritative. Do not let it control vehicles or make purchases, and approve any proposed downloads, file updates, API calls, VIN use, or location sharing.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users could over-trust the output for real driving, legal, or safety-critical decisions.
The skill frames itself as high-precision, real-time driving/legal decision support, but the artifacts are static documentation and do not show live sensor integration, official legal validation, or vehicle-control safeguards.
提供实时路况下的情景压力测试、多传感器融合分析及高精度风险预警...确保所有交通行为 comply with Chinese laws and regulations.
Use it as a simulation/reference aid only; verify legal interpretations with official sources and never use its output as a direct vehicle-control instruction.
If an agent interprets this literally, it might fetch documents or write files without the user expecting it.
The documentation describes future automatic activation, downloading, and file updates, although no code or persistence mechanism is included.
待 2026 年修订草案正式发布后自动激活比对分析流程...PDF 文件下载至`~/downloads/drafts/`
Require explicit confirmation before any web download, local file creation, or knowledge-base update.
A real VIN or current location could reveal vehicle identity or travel patterns if transmitted outside the local conversation.
The documented API schemas use VIN and location fields, which can be sensitive if sent to a real external service; no implemented endpoint or host is shown.
"endpoint": "/api/v1/nev/vehicle/{vin}" ... "current_location": {"type": "string"}Avoid entering real VIN or precise location data unless necessary, and confirm where any API call sends that information.
Users have less external provenance to verify the skill’s data quality and maintenance history.
The skill has limited publisher/source provenance, though it also has no executable install path or code dependencies in the provided artifacts.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Prefer official legal and vehicle-data sources for critical decisions, and review publisher trust before relying on the knowledge base.