ClawHub
Back to skill
v1.7.0

04 Product Compliance

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 2:41 PM.

Analysis

This is an instruction-only product-compliance checklist that does not request access or run code, but users should not treat it as official or legal advice without verifying the sources.

GuidanceThis appears safe as an advisory, instruction-only compliance helper. Before relying on it for actual product takedowns, merchant penalties, refunds, or legal conclusions, confirm that the publisher is authoritative, the referenced policy documents are available, and the rules are current.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
author: 阿里巴巴内控部(思维训练版) ... 你是阿里巴巴内控部的**商品合规审查专家**

The skill frames the agent as an Alibaba internal-control compliance expert. Although it also says the check is only auxiliary and not legal advice, this authoritative framing could cause users to over-trust its conclusions.

User impactUsers might mistake the output for official Alibaba or legal compliance guidance and make business decisions such as delisting or merchant warnings based on it.
RecommendationTreat the results as an advisory pre-check only; verify current platform rules, legal requirements, and the skill publisher's authority before taking enforcement or legal action.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
SKILL.md
reference: - 统一术语表:docs/GLOSSARY.md - 信息不足处理:docs/INSUFFICIENCY-HANDLING.md - 规则更新同步:docs/RULE-UPDATE-SOP.md

SKILL.md references supporting documentation files, but the provided manifest contains only SKILL.md. This is an incomplete documentation/provenance context rather than evidence of unsafe execution.

User impactSome terminology, insufficiency-handling, or rule-update procedures may be unavailable, which could make outputs less consistent or harder to verify.
RecommendationIf installing for real compliance work, obtain the referenced documentation or remove/update those references so users know exactly which rules the skill is applying.