Skillv1.0.0

ClawScan security

GTC Intelligence · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 6, 2026, 2:11 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's name and instructions match: it's an on‑site/remote intelligence collection plan for GTC 2026 — but it explicitly targets non‑public / semi‑public signals, is vague about collection methods, has no provenance, and lacks safeguards, creating real potential for misuse or scope creep.
Guidance: This skill is essentially a playbook for collecting and validating non‑public / semi‑public intelligence around GTC products and supply chains. Technically it is coherent and low‑risk to install (no code, no credentials), but it has several practical and ethical concerns: (1) origin is unknown (no homepage), so you can't verify the author or intent; (2) instructions are broad/vague about collection methods and include on‑site questioning and remote monitoring — this can enable social engineering or acquisition of proprietary information if the agent is allowed to act autonomously; (3) there are no safeguards or rules of engagement (legal/ethical constraints, do‑not‑collect lists, logging or human approval gates). Before installing, consider: only run this with explicit human oversight; restrict autonomous invocation or require manual approval for any contact or data‑collection actions; limit the skill to public/open sources only (search results, official docs, press releases); ensure organizational legal/privacy review approves the intelligence collection scope; and prefer skills with verifiable authorship. If you will not enforce those controls, avoid installing or running this skill.

Review Dimensions

Purpose & Capability: noteName/description and SKILL.md are coherent: the skill is an information collection plan to validate non‑public and semi‑public signals before GTC. However the registry entry has unknown source and no homepage, which reduces provenance and trust. Nothing in the skill requests unrelated system credentials or installs, so capability requests are proportionate to stated purpose.
Instruction Scope: concernSKILL.md instructs the agent/team to verify non‑public/half‑public signals via on‑site questioning, remote monitoring, and supply‑chain checks and includes detailed question lists. The instructions do not tell the agent to read local files or env vars, but are broad and open‑ended about collection methods (e.g., '远程监控', '现场验证'), which gives the agent wide discretion and could enable social‑engineering or other ethically/legally questionable collection techniques. There are no explicit safeguards or constraints on what sources or tactics are allowed.
Install Mechanism: okInstruction‑only skill with no install spec and no code files present. This is low technical risk — nothing is written to disk or fetched at install time.
Credentials: okThe skill requests no environment variables, credentials, or config paths. There's no disproportionate access to secrets or unrelated services declared.
Persistence & Privilege: notealways:false and no special persistence requested. However model invocation is enabled (default), so the agent could autonomously run intelligence‑gathering workflows that the SKILL.md describes; combined with the skill's goal of collecting non‑public information, that increases the potential blast radius if misused. Recommend requiring human approval for sensitive actions.