v1.0.0

xianyu service ops

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:40 AM.

Analysis

This is an instruction-only Xianyu selling playbook with no code execution or credential use; the main thing to notice is its optional use of a local context file.

GuidanceThis skill appears safe to install for Xianyu service-selling guidance. Review any generated listing copy before posting it publicly, and keep the optional `.claude/xianyu-context.md` file limited to non-sensitive account and business context.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

SKILL.md

If `.claude/xianyu-context.md` exists, read it and only ask about what's missing.

The skill reads a persistent local context file to tailor future advice. This is scoped and purpose-aligned, but the file may contain account status, business plans, or other private seller context that can influence later outputs.

User impactInformation saved in the local Xianyu context file may be reused in future sessions and shape the agent's recommendations.

RecommendationOnly store information in `.claude/xianyu-context.md` that you are comfortable reusing for this skill, and periodically review or delete outdated instructions.