Skill v1.0.0
ClawScan security
China Social Policy Public Data · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 20, 2026, 2:56 PM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's stated purpose (searching and summarizing official Chinese social-security, medical-insurance, and housing-fund policies) matches its instructions and it requests no installs, binaries, or credentials — the bundle is internally coherent.
- Guidance: This skill appears coherent and low-risk because it is instruction-only, asks for no credentials, and restricts itself to official public sources. Before installing: confirm your agent/runtime has safe web access (so the skill can fetch official pages), ensure you do not paste sensitive personal identifiers into queries (the skill is for public-policy lookup, not case handling), and verify answers by opening the cited official links yourself before acting. If the skill later requests credentials, local files, or to install software, treat that as unexpected and revoke/uninstall until you can validate the change.
Review Dimensions
- Purpose & Capability: ok. Name, description, and metadata describe a public-policy lookup assistant; SKILL.md limits sources to official, public domains and the required capabilities (query/aggregate/annotate official policies) match that purpose. No unrelated credentials, binaries, or accesses are requested.
- Instruction Scope: ok. Runtime instructions restrict the agent to using public, authoritative sources, to cite sources and dates, and explicitly prohibit giving case judgments or personalized guarantees. There are no steps that ask the agent to read local files, environment variables, or transmit data to unspecified external endpoints.
- Install Mechanism: ok. No install spec and no code files; this is an instruction-only skill. This minimizes on-disk code risk and there are no downloads, package installs, or extracted archives to review.
- Credentials: ok. The skill requires no environment variables, credentials, or config paths. The scope and lack of secret access are proportional to a read-only public-data lookup assistant.
- Persistence & Privilege: ok. always is false and the skill does not request persistent system-wide privileges or modify other skills. Normal autonomous invocation is allowed but is not combined with any broad access or credential requests.
