Back to skill
Skillv1.0.0
ClawScan security
金牌销售 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 20, 2026, 8:43 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent: it is an instruction-only Chinese sales-scripting helper that requests no credentials, no installs, and its runtime instructions match its stated purpose.
- Guidance
- This skill appears safe from a technical-permissions perspective: it only contains generation templates and asks for user-provided context. Before installing, consider these non-technical points: (1) Do not paste real customer PII or sensitive data into prompts—remove or anonymize it. (2) Review generated scripts for factual accuracy and compliance with your company policies and applicable law (claims about product effectiveness, pricing, guarantees, or using people's names). (3) The skill is designed to persuade—ensure outputs follow your ethical guidelines (avoid high-pressure or deceptive tactics). (4) If you plan to allow autonomous agent use, monitor outputs initially to ensure they conform to expected tone and compliance requirements.
Review Dimensions
- Purpose & Capability
- okName/description (生成销售话术、异议处理、FAB、风格模仿) align with the SKILL.md templates and modules; nothing in the manifest asks for unrelated privileges or services.
- Instruction Scope
- okSKILL.md contains detailed templates and step-by-step generation rules, collects only user-provided sales/context fields when needed, and does not instruct reading system files, environment variables, or sending data to external endpoints. It also explicitly prohibits fabricating real customer/case data (allows labeled example cases).
- Install Mechanism
- okInstruction-only skill with no install spec and no code files — nothing is written to disk or downloaded during installation.
- Credentials
- okNo environment variables, credentials, or config paths are requested; required access is minimal and proportionate to a text-generation skill.
- Persistence & Privilege
- okalways is false and the skill does not request system-wide persistence or modify other skills/configs. Autonomous invocation is allowed by default (normal for skills) but is not combined with elevated privileges.