Skillv1.0.0

ClawScan security

一人公司实战指南 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 26, 2026, 3:33 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only, content-first guide for running a one-person AI-driven business; it contains no code, install steps, or requests for credentials and its requirements align with its stated purpose.
Guidance: This skill is a text-only guide and appears coherent with its purpose. Before installing or using it: (1) remember it does not include code, so it cannot act on your system by itself; (2) if you choose to integrate recommended third-party services (Claude, ChatGPT, Zapier, payment platforms), supply API keys or account details only through trusted configuration flows — do not paste secrets into chat unless you intend to share them; (3) check your agent's autonomy settings if you do not want the agent to call other skills or take actions without confirmation; (4) if a future version adds an install step, network calls, or environment variable requirements, re-evaluate because those would change the security posture.

Purpose & Capability: okThe name and description (one-person company operations) match the SKILL.md content. All recommendations are about processes, tools, and SOPs; there are no requests for unrelated system access or credentials.
Instruction Scope: okSKILL.md is a prose guide and SOP templates. It does not instruct the agent to run shell commands, read local files, access system config, or send data to any unexpected external endpoints. Mentions of external services (Claude, ChatGPT, Zapier, etc.) are generic recommendations, not operational directives that request secrets.
Install Mechanism: okThere is no install spec and no code files. Being instruction-only means nothing will be written to disk or fetched at install time.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. It references third-party APIs/tools as suggestions, which is reasonable for the topic; however, any integration will require the user to supply their own credentials externally.
Persistence & Privilege: okalways is false and the skill does not request elevated or persistent system privileges. It does not modify other skills or global agent settings in the provided instructions. Normal autonomous invocation is allowed by platform default.