Skill v1.0.0
ClawScan security
prompt-optimizer-cn · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 16, 2026, 2:53 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: An instruction-only Chinese prompt-optimization skill whose declared behavior, resource needs, and instructions are internally consistent with its stated purpose.
- Guidance: This skill is instruction-only and appears coherent for its stated purpose. Before installing: (1) confirm your platform enforces the 'only when user asks' invocation if you require that guarantee (the SKILL.md forbids automatic triggering but model invocation is allowed by default), (2) test the skill with non-sensitive prompts to validate it truly preserves critical signals and does not leak or alter intent, and (3) avoid placing secrets or sensitive data inside prompts you feed to the optimizer (the skill processes prompt text but has no declared protections). If you need higher assurance, request the ACON/APE paper references or a transparency note from the publisher about how strict verification is implemented.
Review Dimensions
- Purpose & Capability (ok): Name and description (prompt optimizer for complex tasks using ACON+APE) match the SKILL.md instructions. The skill does not request unrelated credentials, binaries, or config paths; nothing requested appears extraneous to prompt optimization.
- Instruction Scope (ok): SKILL.md provides a narrow, prescriptive workflow (parse input, extract key signals, generate 5 candidates, score, compress, iterate on feedback). It only operates on the user-provided prompt and user feedback; it does not instruct reading files, environment variables, or calling external endpoints. The '100% retain key signals' and strict verification steps are procedural guarantees in the text (effectiveness claims), not additional runtime privileges.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files. No downloads or package installs are declared, so there is no installation risk.
- Credentials (ok): No environment variables, credentials, or config paths are required. The skill does not ask for unrelated secrets or broad system access.
- Persistence & Privilege (note): The SKILL.md repeatedly states the optimizer must only trigger when the user explicitly requests it ('绝不自动触发', i.e. "never trigger automatically"), but the skill metadata leaves model invocation enabled (disable-model-invocation: false). Autonomous invocation alone is not a security flaw, but there is a minor mismatch between the skill's self-imposed restriction and the platform-level invocation setting. You should confirm the platform enforces the 'user-request-only' behavior if that guarantee matters to you.
