ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Canon Cn

v1.0.6

提供佳能相机、打印机及镜头信息,价格查询和技术支持,助您了解和选购佳能影像设备。

0· 81·1 current·1 all-time
by@hanxueyuan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's metadata/description promises price lookup and technical support for Canon products, but the SKILL.md only instructs the agent to provide background/company information, product overviews, market presence, and recent news. That functional gap is an incoherence (likely incomplete or misleading documentation) but not evidently malicious.
Instruction Scope
SKILL.md is short and narrowly scoped: it tells the agent when to read the skill and what topics to cover. It does not instruct reading unrelated files, accessing environment variables, or contacting external endpoints beyond what a content skill would do.
Install Mechanism
No install spec and no code files — instruction-only. This presents minimal risk because nothing is written to disk or downloaded.
Credentials
The skill requests no environment variables, credentials, or config paths. Requested access is proportionate (i.e., none) to the declared functionality.
Persistence & Privilege
always:false and default invocation settings. The skill does not request elevated persistence or modify other skills; autonomous invocation is allowed by platform default and not by itself a concern here.
What to consider before installing
This skill is low-risk (no installs or credentials) but appears incomplete or misleading: its description advertises price checks and technical support while the runtime instructions only cover background and market information. If you need price lookup or support functionality, ask the publisher for a clearer SKILL.md or a homepage explaining how those features work. Because the source and homepage are unknown, prefer only installing if you accept the limited, read-only behavior described in SKILL.md; avoid sharing any credentials (none are requested) and monitor for unexpected behavior after enabling.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bv0207pcf16t91sxz4x21c584wfec

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments