Skill v2.0.0

ClawScan security

Ada Lovelace · Poetic-Scientific Perspective · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 14, 2026, 9:37 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
This is an instruction-only persona skill that is mostly coherent with its stated creative/analytical purpose, but it contains prompt-injection indicators (unicode control characters) and claims internal research artifacts that are not supplied — these inconsistencies merit caution.
Guidance
This skill is an instruction-only persona that otherwise looks coherent for creative/analytical guidance, but two things increase risk: (1) the SKILL.md contains unicode control characters (possible prompt-injection/obfuscation), and (2) it repeatedly references research files and 'Agent Swarm' artifacts that are not included. Before installing or invoking widely: inspect the SKILL.md text for hidden/zero-width characters, ask the publisher for provenance and the missing research files, run the skill in a sandboxed environment, avoid passing secrets or sensitive data into prompts used with this skill, and prefer manual invocation rather than enabling broad autonomous use until you are comfortable with its origin and content.
Findings
[unicode-control-chars] unexpected: Hidden/unicode control characters are not expected for a persona/instruction-only skill. They can be used to manipulate parsing or to hide additional instructions; this finding increases risk and should be investigated (e.g., inspect SKILL.md for zero-width or control characters).

Review Dimensions

Purpose & Capability
ok: Name/description (Ada-Lovelace poetic-scientific persona) match the SKILL.md instructions: the skill is a guidance/persona template for answer style and reasoning. It requests no binaries, env vars, or installs, which is proportionate for a persona/instruction-only skill. However, the documentation repeatedly references internal research artifacts (e.g., '6个并行Agent Swarm(196KB)', files like 01-writings.md) that are not present in the package; this is likely descriptive but is an inconsistency users should be aware of.
Instruction Scope
concern: The SKILL.md provides detailed runtime instructions for agent style, workflows, heuristics and constraints (role rules, response scaffolding, required rhetorical forms). It does not instruct reading system files, environment variables, or sending data to external endpoints, which is good. However, a pre-scan found 'unicode-control-chars' injection patterns in the SKILL.md, and the skill claims internal assets (agent swarm outputs and several .md files) that aren't included. The presence of hidden/control characters is a red flag because they can be used to obfuscate instructions or manipulate downstream processing.
Install Mechanism
ok: No install spec and no code files: lowest-risk distribution. Nothing is written to disk by an installer because there is none.
Credentials
ok: The skill requires no environment variables, no credentials, and no config paths. There is no apparent need for elevated access or secrets for the described persona task.
Persistence & Privilege
ok: Flags show always:false and normal agent invocation. The skill does not request permanent presence or system configuration changes.