Skillv1.0.1

ClawScan security

Lord Of Mysteries 诡秘之主 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 15, 2026, 7:13 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: This is a self-contained Lord of Mysteries lore knowledge‑base (many Markdown entries) and its requested/installed items match that purpose; no suspicious env, binaries, or installers are present — main residual concern is unknown provenance/copyright of the content.
Guidance: This skill appears to be exactly what it says: a large, read-only Lord of Mysteries lore collection in Markdown. Before installing, consider: 1) provenance and copyright — the SKILL.md cites fandom/Qidian but the package's source/homepage are 'unknown'; if you need to respect licensing or attribute sources, verify the author and permission to redistribute. 2) content accuracy and spoilers — it's a fan-compiled corpus and may contain errors or spoilers you might not want. 3) size/performance — ~867 files is large; it may increase memory/response time when the agent searches the corpus. 4) autonomous invocation — the skill can be called by the agent automatically; if you prefer to review uses, restrict autonomous invocation or require explicit user consent. If you need higher assurance, ask the publisher for source/origin and licensing details or request a trimmed subset limited to only the entries you want.

Purpose & Capability: okName/description = LoM world knowledge base. The bundle contains ~867 Markdown files with lore organized into the stated categories. Nothing requested (no env vars, no binaries, no config paths) is disproportionate to a read-only knowledge base.
Instruction Scope: okSKILL.md is an instruction-only manifest: it describes the knowledge base and when the skill should be used (trigger terms). It does not instruct the agent to read unrelated system files, call external endpoints, or exfiltrate secrets. All runtime behavior is limited to using the included documentation.
Install Mechanism: okNo install spec and no code files. Instruction-only skill (lowest install risk). Files are static Markdown; nothing is downloaded or executed.
Credentials: okNo environment variables, credentials, or config paths are required. The skill does not request any secrets or elevated access.
Persistence & Privilege: okalways:false (not force-included). disable-model-invocation:false (agent may invoke autonomously) — this is platform default and acceptable here. The skill does not request system-wide configuration changes or access to other skills' credentials.