Back to skill
Skillv1.0.1
ClawScan security
VC Python 3 API 全网最全解读 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 13, 2026, 8:10 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This skill is an instruction-only API documentation/guide for Visual Components 5.0 Python 3 and its declared contents and requirements are consistent with that purpose.
- Guidance
- This package is a documentation-only skill describing the Visual Components 5.0 Python API and appears internally consistent. If you plan to run example scripts from the guide inside your Visual Components environment, treat them like any third-party scripts: review the code first, run in a safe/test project, and avoid executing untrusted scripts that could access your local filesystem or network. Prefer official Visual Components documentation for critical or security-sensitive tasks.
Review Dimensions
- Purpose & Capability
- okThe name and description claim to be a comprehensive VC 5.0 Python 3 API guide, and the provided SKILL.md/README are documentation only. There are no unrelated credentials, binaries, or installs requested that would be out of scope for a documentation skill.
- Instruction Scope
- okSKILL.md contains API explanations, code examples, module/method reference and usage notes. It does not instruct the agent to read arbitrary system files, access credentials, or send data to external endpoints beyond linking to official docs. The code examples reference the VC API (vc.getApplication etc.), which is appropriate for this guide.
- Install Mechanism
- okNo install spec or code files are present; this is instruction-only documentation, which presents minimal installation risk.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. Examples reference typical application and user document paths for Visual Components—reasonable for API documentation.
- Persistence & Privilege
- okThe skill is not marked always:true and does not request persistent/system-level privileges. It contains no install hooks or behaviors that would modify other skills or global agent settings.