Back to skill
Skillv1.0.0
ClawScan security
答案之书.skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 14, 2026, 3:57 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and resource requirements match its stated purpose: an offline, text-only 'book of answers' that reads a local JSON corpus and stores minimal per-user state in a local SQLite file.
- Guidance
- This skill is coherent and appears offline-only: it reads data/books.json and writes a small local SQLite DB. Before installing, review data/books.json (it contains many quotes and sources) to ensure you’re comfortable with the content and any copyright considerations. If you don’t want the DB in the skill directory, set ANSWER_LIBRARY_DB to a controlled path. You can run the provided unit tests (python3 -m unittest discover -s tests) locally to validate behavior. If you plan to allow autonomous agent invocation, note the agent may call the skill automatically (disable-model-invocation is not set here) — if you want to restrict that, change the skill settings. Otherwise, there are no unexpected network calls, secret requirements, or install-time downloads in this package.
Review Dimensions
- Purpose & Capability
- okName/description, SKILL.md, and the included Python modules (router.py, service.py, storage.py) consistently implement a three-book routing answer skill. No unrelated credentials, binaries, or external services are requested.
- Instruction Scope
- okRuntime instructions are limited to reading the built-in books.json, routing logic, and minimal SQLite-backed per-user state. The code does not access other system paths, network endpoints, or environment variables beyond the documented optional overrides.
- Install Mechanism
- okNo install spec or remote downloads; code is provided in the skill bundle and declares no external runtime dependencies. No archive extraction or third-party package installation is requested.
- Credentials
- okNo required environment variables or secrets. Two optional env vars (ANSWER_LIBRARY_DB and ANSWER_LIBRARY_BOOKS) are documented and serve clear, proportional purposes (override DB location and books file).
- Persistence & Privilege
- noteSkill persists minimal per-user state (last_question, last_answer, last_book, last_timestamp) to a local SQLite DB in the skill's data directory by default. This is consistent with its stated anti-duplicate and switch-book features; consider where that DB will be created and whether that location is acceptable.