skillscope
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could install a recommended skill based on a third-party recommendation and command.
The skill relies on an external service response to provide install commands for other skills. This is purpose-aligned, but installation changes the user's agent environment and should be verified before running.
User wants to install → provide the `install` command from the response
Review the recommended skill, source, and exact install command before installing; prefer official ClawHub installs when available.
Task descriptions or context could reveal user intentions, platform, region, or budget to the external Skillscope service.
The documented workflow sends the user's task and optional context to an external API. This is disclosed and central to the skill, but the data leaves the local agent.
curl -X POST "https://skillscope.cn/api/v1/recommend" ... -d '{"task": "translate a PDF document to Chinese", "context": {"platform": "macos", "region": "cn", "budget": "free"}, "explain": true}'Avoid including sensitive personal, business, or confidential details in recommendation requests unless you are comfortable sending them to the service.
A safety grade may influence installation decisions for other skills.
The skill presents third-party safety grades for other skills. This is aligned with its purpose, but users may over-trust the grade without independently reviewing the recommended skill.
Security grades: A (safe) / B (limited access) / C (review needed) / D (risky)
Treat safety scores as advisory and still inspect the recommended skill's permissions, source, and behavior before installation.