ClawHub

Cca

v1.0.0

Claude Certified Architect (CCA) 学习总览与导航。当用户说"CCA"、"学CCA"、"Claude架构师"、"CCA学习"时使用。

0· 102·1 current·1 all-time
by@sawzhang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the runtime instructions: the SKILL.md provides an exam overview, learning paths, and prompts to route users to per-domain sub-skills (e.g., /cca-domain1). The skill requests no credentials, binaries, or config paths — appropriate for a tutoring/navigation helper.
Instruction Scope
The instructions are limited to presenting content, asking the user questions, and recommending other internal skills. They do not read files, access environment variables, or transmit data to external endpoints. Minor note: SKILL.md lists allowed-tools: Read and Bash, but the prose does not instruct any Bash usage or file/system reads — Bash appears unnecessary and could be trimmed to reduce attack surface.
Install Mechanism
No install spec and no code files are present (instruction-only). Nothing is written to disk or downloaded during install — this is the lowest-risk category.
Credentials
The skill declares no required environment variables, credentials, or config paths. That is proportionate for a study/navigation skill and consistent with the SKILL.md instructions.
Persistence & Privilege
always:false and default model-invocation behavior are used. The skill does not request persistent elevated privileges or modifications to other skills' configs. Autonomous invocation is allowed by default but is not combined with other red flags here.
Assessment
This skill appears coherent and low-risk: it only contains guidance and navigation for CCA study and asks for no credentials or installs. Two practical cautions: (1) the SKILL.md lists Bash as an allowed tool even though it doesn't use it — if you run agents that permit shell execution, prefer skills that don't expose unused shell access; (2) the skill references internal endpoints like /cca-domain1 and /cca-quiz — verify those linked skills (their authors and instructions) before following or invoking them. Finally, because the publisher and homepage are unknown, prefer skills from known sources when possible and review any linked sub-skills before granting broad runtime permissions.

Like a lobster shell, security has layers — review code before you run it.

latestvk974fz2e43csez2y5e54cz77r583h2pe

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments