Cosmetics Compliance Management (化妆品合规管理)

Advisory: Audited by static analysis on May 9, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Note: Medium Confidence
ASI10: Rogue Agents
What this means

If someone enables this behavior outside the shown artifacts, the skill could run recurring checks and change its own reference material without prompting each time.

Why it was flagged

This describes autonomous recurring behavior and silent operation, including modifying skill documentation. The included artifacts do not show an installer, scheduler, or actual auto-run mechanism, so this is a user-notice issue rather than evidence of active persistence.

Skill content
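Check frequency: runs automatically every day at 4:00 a.m. ... If there are updates, automatically fetch the latest content and update the skill documentation ... If there are no updates, stay silent and send no notification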
Recommendation

Keep update checks manual or explicitly scheduled by the user, document where state and logs are stored, and require review before updating skill documentation.

What this means

Future answers could rely on automatically imported regulation content that was not reviewed by a human.

Why it was flagged

Persistently incorporating external website content into the skill's own documents could affect future compliance answers if the source content is inaccurate, stale, or compromised. The current script does not implement real fetching, but the documented workflow implies persistent context updates.

Skill content
Automatically fetch the latest content and update the skill documentation
Recommendation

Use source citations, timestamps, official-source prioritization, and human review before any fetched content is stored as persistent skill knowledge.

What this means

Users have limited external provenance information for the included helper scripts.

Why it was flagged

The skill includes helper code but has no declared source repository or homepage. The scripts are small and static scan results are clean, so this is a provenance note rather than a concrete unsafe behavior.

Skill content
Source: unknown; Homepage: none; Code file presence: scripts/auto_update_check.py, scripts/package_skill.py
Recommendation

Prefer skills with a clear source repository or publisher documentation, and review included scripts before running them.