ClawHub
Back to skill
v1.0.0

geo-optimization-cn

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:10 AM.

Analysis

The artifacts describe a coherent Chinese marketing-content generator with purpose-aligned document reading, Word output, and dependency installation, and no evidence of hidden exfiltration or destructive behavior.

GuidanceThis skill appears safe for its stated purpose. Before installing, be comfortable with installing the listed Python dependencies, use careful file paths to avoid overwrites, and avoid sending confidential company documents or unredacted business details to Claude unless that is allowed by your policies.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
uv tool install markitdown

# 安装 python-docx(用于生成Word)
pip install python-docx

The skill asks the user to install third-party packages, and the commands do not pin versions. This is purpose-aligned for reading and generating Word documents, but users should still trust the package sources.

User impactInstalling these packages gives third-party code a place in the local workflow.
RecommendationInstall from trusted package indexes, consider using a virtual environment, and pin versions if reproducibility matters.
Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
scripts/convert_to_word.py
with open(md_file, 'r', encoding='utf-8') as f:
        content = f.read()
...
    doc.save(output_file)

The conversion helper reads a user-supplied Markdown path and writes a user-supplied Word output path. This is expected for the skill's purpose, but it can overwrite or create files at the chosen destination.

User impactA mistaken output path could overwrite an existing document.
RecommendationUse explicit, safe input/output paths and keep backups of important files before conversion.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceMediumStatusNote
quickref.md
python business_content_generator.py kb ./公司资料.docx
# → 复制输出的提示词给Claude
# → Claude生成QA内容

The workflow tells the user to copy generated prompts to Claude, likely based on the contents of company Word documents. This is purpose-aligned, but users should understand that business document content may be provided to an AI model.

User impactConfidential company materials could be included in prompts sent to an AI provider if the user follows this workflow.
RecommendationReview and redact sensitive document content before sending prompts to Claude, and follow your organization's AI data-use policy.