Skillv1.0.0

ClawScan security

流量重组洗稿虾 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 9, 2026, 7:39 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This skill is internally consistent: it provides rules, checks, and a small helper script for rewriting content and does not request credentials, install anything, or perform unexpected actions.
Guidance: This skill appears coherent and implements a local prompt-builder plus clear rewrite rules, but consider the following before installing or using it: - Copyright and platform rules: Rewriting/"洗稿" can still infringe copyright if unique expressions, large verbatim blocks, or exclusive data are reused. Do not feed confidential or copyrighted material unless you have rights; verify outputs with a plagiarism tool or legal review for high-risk content. - Compliance is partly heuristic: The SKILL.md and references define thresholds and sensitive-word checks, but the package provides no automated duplication checker. If you need legal certainty, run a dedicated duplication/plagiarism scan on outputs. - Model invocation: The script only generates prompts; actual rewriting will occur when your agent/LLM processes those prompts. Ensure the model you use and any downstream services comply with privacy and content policies and that you don't inadvertently send secrets in prompts. - Ethical/platform risk: The skill intentionally preserves "viral hooks" (钩子/传播结构). This is expected for the stated purpose but may encourage tactics that skirt platform policies—review final outputs for policy compliance and avoid using it to evade takedowns or platform enforcement. Overall: technically coherent and low-risk from a packaging/permissions perspective, but treat legal/copyright risk as a separate operational concern and verify outputs before publishing.

Review Dimensions

Purpose & Capability: okName/description (content rewrite, cross-platform adaptation, compliance) match the included materials: SKILL.md, rewrite rules, viral-gene model, compliance checklist, and a small prompt-generator script. Nothing requested (no env vars, binaries, or installs) is out of scope for a content-rewriter.
Instruction Scope: noteRuntime instructions focus on analyzing and rewriting text, selecting rewrite depth, and running a local script to build structured prompts. They also require estimating duplication and checking platform-sensitive words. Note: the skill instructs aiming for low duplication (<10%) but provides no automated plagiarism-checking tool—that step is a manual/heuristic compliance check, so outputs should still be verified with a dedicated plagiarism tool if legal certainty is needed.
Install Mechanism: okNo install spec; the skill is instruction-only plus a small Python script. There are no external downloads or installers, and the script performs only local prompt generation and I/O.
Credentials: okThe skill requests no environment variables, credentials, or config paths. All required inputs are provided by the user at runtime (text, file paths, depth/style/platform flags).
Persistence & Privilege: okalways is false and the skill does not attempt to modify other skills or system-wide settings. It requires no persistent presence or elevated privileges.