Skill v0.1.0

ClawScan security

Xungen · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 14, 2026, 8:12 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
An instruction-only, entertainment/history skill that maps surnames/regions to alleged Shang-era affiliations; its requested footprint (no installs, no secrets) matches its description.
Guidance
This skill is instruction-only and coherent with its stated purpose: it uses internal tables and rules to produce a playful 'Shang-era ancestry report' from a surname or region. There are no installers or credential requests, so the technical risk is low. Things to consider before installing or using: (1) Accuracy — the output mixes documented associations, reasonable hypotheses, and explicit 'fun' speculation; do not treat the result as rigorous genealogy or archaeological proof. (2) Privacy — you only need to give surnames or regions; avoid sharing sensitive personal identifiers if you want privacy. (3) Hallucination risk — because the skill is instructed to produce a result immediately, ambiguous inputs may lead to invented-sounding details; verify any important claims with authoritative sources. If the skill later adds external data sources, install scripts, or environment variables, re-evaluate before use.

Review Dimensions

Purpose & Capability
ok
The skill's name/description (Shang-era surname mapping) align with its content: SKILL.md contains mapping tables, matching rules, output templates and interaction rules. It does not request unrelated binaries, credentials, or config paths.
Instruction Scope
note
SKILL.md instructs the agent to act as an archaeologist and produce an entertainment '鉴定书' from a supplied surname/region. The instructions are narrowly scoped to generating historical/creative text and include explicit constraints (mark evidence vs. conjecture; do not fabricate specific oracle-bone inscriptions). Caveat: the skill asks the agent to produce results on first turn without clarifying questions, which raises a non-security risk of hallucinated or low-evidence claims when input is ambiguous.
Install Mechanism
ok
No install spec and no code files — instruction-only — so nothing is written to disk and no third-party packages are fetched.
Credentials
ok
The skill requests no environment variables, credentials, or config paths. All declared requirements are empty and proportionate for a content-generation skill.
Persistence & Privilege
ok
always is false and the skill is user-invocable. It does not request permanent presence or system-level config changes. Autonomous invocation (default) is allowed but not combined with other concerning privileges.