Back to skill
Skillv1.0.0
ClawScan security
躺平.skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 30, 2026, 7:19 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only persona skill whose requirements and instructions match its stated purpose and do not request extra credentials, installs, or access to unrelated system data.
- Guidance
- This skill is coherent and low-risk: it only changes how the agent responds when explicitly invoked and does not ask for credentials or install code. Before enabling it for regular use, remember it intentionally refuses to do productive work while active — test it in a controlled conversation to confirm the behavior. If you ever want to stop it, ask the agent how to disable/remove the skill (SKILL.md permits answering such requests) or remove the skill from your agent's configuration.
Review Dimensions
- Purpose & Capability
- okName, description, and files all describe a satirical "lying flat" persona. There are no requested binaries, env vars, config paths, or external installs that are unrelated to that purpose.
- Instruction Scope
- okSKILL.md contains only behavioral instructions for the persona (output quotes, refuse work, mockery style, exceptions for crisis or inspection). It does not instruct the agent to read files, access environment variables, call external endpoints, or exfiltrate data. It explicitly preserves higher-priority safety exceptions.
- Install Mechanism
- okNo install spec and no code files beyond SKILL.md and a small agents/openai.yaml. As an instruction-only skill, nothing is written to disk or downloaded during install.
- Credentials
- okThe skill requests no environment variables, secrets, or credentials. There are no config path requirements. Requested permissions are proportionate (none) to the stated functionality.
- Persistence & Privilege
- okRegistry metadata shows always:false. The included agents/openai.yaml sets allow_implicit_invocation: false, so it is not allowed to be implicitly invoked by policy in that file. The skill does not request permanent system presence or modify other skills' configs.