v1.0.0

Superpowers Cn

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:32 AM.

Analysis

This appears to be a low-permission Chinese workflow/prompting skill with no evident malicious behavior, though its publisher metadata is slightly inconsistent.

GuidanceThis skill is mainly a workflow guide for making the AI clarify requirements, plan, execute step by step, and review results. It appears safe from the provided artifacts, but you may want to verify the publisher/source because the registry owner and embedded metadata owner do not match.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

_meta.json

"ownerId": "kn70pywhg0fyz996kpa8xj89s57yhv26"

The embedded owner ID differs from the registry metadata owner ID shown for the package, creating a minor provenance inconsistency even though no unsafe behavior is shown.

User impactThe skill does not request sensitive access, but the mismatch makes it slightly harder to confirm who packaged or published it.

RecommendationConfirm that the registry publisher is the intended source before installing, especially if you rely on the author's identity.