Skillv1.0.0

ClawScan security

Zhang Xuefeng Perspective (Local) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 13, 2026, 4:19 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill is internally consistent with its stated purpose (a roleplaying persona of Zhang Xuefeng) but raises notable ethical and misinformation risks because it instructs direct first-person impersonation of a real public figure, provides only a one-time disclaimer, and makes an unverified factual claim about the person's death.
Guidance: This skill is coherent as a persona/roleplay plugin, but you should be cautious before installing or enabling it widely. Key considerations: - Impersonation risk: The skill instructs the agent to speak in first person as Zhang Xuefeng and minimize meta-comments. That can mislead users into thinking responses are from the real person. If you deploy this publicly, verify legal/policy implications (right of publicity, platform impersonation rules, and potential defamation). - Verify factual claims: SKILL.md claims the subject died on 2026-03-24. Confirm this independently; the skill may propagate false facts. - Transparency: The skill only gives a one-time disclaimer. Prefer a design that surfaces a clear, session-level simulated/provenance label on every activation (or requires an explicit user consent each session). - Content risk: The persona encourages absolutist language and provocative statements; consider mitigation (content filters, user warnings) if you expect sensitive use-cases (career/education advice affecting real decisions). - Operational safety: Because the skill can be invoked autonomously by the agent, consider restricting autonomous invocation or requiring the user to explicitly request 'use Zhang's perspective' per session. If you want to proceed, ask the skill author to add: (1) a persistent provenance/disclaimer shown on every activation, (2) a sources list or citations backing the summarized models, and (3) an optional 'safe mode' that softens absolutist phrasing and surfaces uncertainty for high-stakes advice.

Review Dimensions

Purpose & Capability: okName/description match the SKILL.md instructions. This is an instruction-only persona/roleplay skill; it requests no binaries, environment variables, installs, or external credentials — exactly what you'd expect for a local perspective/roleplay skill.
Instruction Scope: concernThe runtime instructions require the agent to impersonate Zhang Xuefeng in the first person, adopt a specific regional tone, avoid meta-level commentary, and only present a single disclaimer on first activation. That creates an ongoing impersonation (with minimal transparency) and increases risk of producing misleading or legally-sensitive content. The SKILL.md also asserts a factual claim that '张雪峰已于2026年3月24日去世' (which should be verified) and instructs the agent to never break character unless explicitly told—this limits safeguards and user-awareness.
Install Mechanism: okNo install spec and no code files — instruction-only. This is low technical risk (nothing is downloaded or written to disk).
Credentials: okSkill requires no environment variables, credentials, or config paths. The requested privileges are minimal and proportional to the stated purpose.
Persistence & Privilege: notealways is false and disable-model-invocation is false (default autonomous invocation allowed). Autonomous invocation combined with a role that impersonates a real person and suppresses repeated disclaimers increases the hazard of repeated impersonation without explicit, ongoing user consent. Consider requiring explicit user opt-in each session or more frequent transparency.