Back to skill
Skillv1.0.0
ClawScan security
Qiushi Skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 13, 2026, 4:19 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only collection of methodology skills (no code, no installs, no credentials) whose requirements match its stated purpose; it mainly provides internal decision rules and skill-selection guidance.
- Guidance
- This package is an instruction-only set of internal reasoning / workflow rules — there is no code, no network or file access, and it does not ask for credentials, so its technical footprint is small. Primary considerations for you before installing: (1) source and provenance: the repo/homepage is not authoritative in the package metadata, so if you need trust, find and review the upstream repository or author. (2) bias and policy: the skills explicitly encode a specific political/methodological framework which will shape the agent's reasoning and decision-making; if you need a neutral assistant, do not enable automatic invocation of these skills or review/modify the SKILL.md files first. (3) runtime behavior: these skills can be invoked automatically by the agent (normal platform behavior); if you prefer to avoid automatic influence, disable autonomous invocation or only enable manual invocation. No technical red flags found.
Review Dimensions
- Purpose & Capability
- okName/description (methodology skills based on Maoist principles) align with what is present: SKILL.md files containing trigger rules and procedures. There are no surprising binaries, env vars, or credential requests.
- Instruction Scope
- okRuntime instructions are prose guidance for reasoning, task analysis, and calling other internal skills. They do not instruct shell commands, network endpoints, file reads, or access to external credentials.
- Install Mechanism
- okNo install spec or downloadable artifacts are present — this is instruction-only, so nothing is written to disk or fetched during install by the skill bundle itself.
- Credentials
- okNo environment variables, credentials, or configuration paths are requested. The lack of secrets or external tokens is proportionate to the declared purpose.
- Persistence & Privilege
- noteSkill descriptions indicate some skills (e.g., arming-thought) are intended to run at the start of top-level dialogs. Flags show always:false and model invocation enabled (the platform default). This gives the skill influence over agent reasoning but does not grant extra system privileges or persistent access.