political-struggle-history

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a coherent history-explanation skill, with optional web search that uses Bash, a Python helper, and a Tavily API key.

Safe to install for local historical explanations. If you use the --search feature, be aware it runs a Python helper through Bash, requires a Tavily API key, and sends the search query to Tavily; avoid sensitive queries and prefer the package-relative script path.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the user invokes search, the agent may run a local command rather than only reading the bundled history files.

Why it was flagged

The skill grants Bash and instructs the agent to run a local Python helper for the optional search mode. This is disclosed and purpose-aligned, but Bash is a broad tool surface.

Skill content
allowed-tools: Read, Bash ... python "$(dirname "$SKILL_PATH")/scripts/search_views.py" "$ARGUMENTS" --lang both --format markdown
Recommendation

Use the search mode only when you want external results, and keep Bash use limited to the packaged search script.

What this means

Using search requires placing a Tavily API key in the environment, which may incur provider usage and should be treated as a credential.

Why it was flagged

The optional search feature uses a provider API key. This is expected for Tavily search and there is no artifact evidence of logging or unrelated credential use, but it is under-declared in registry metadata.

Skill content
Prerequisite: the environment variable `TAVILY_API_KEY` is required. If it is not set, prompt the user: export TAVILY_API_KEY="your-key-here"
Recommendation

Set a Tavily key only if you need web search, use a limited/revocable key if possible, and avoid sharing unrelated credentials.

What this means

On another machine, the fallback path may fail or could point to code outside the reviewed skill package if such a path exists.

Why it was flagged

The fallback command references a hardcoded local path outside the portable skill-relative path. This is not malicious by itself, but it weakens provenance and portability if used.

Skill content
If `$SKILL_PATH` is unavailable, use the absolute path: python /Users/hazelnut/Documents/Skills/chinese-political-struggles/scripts/search_views.py "$ARGUMENTS" --lang both --format markdown
Recommendation

Prefer the package-relative command and remove or replace the hardcoded developer-local fallback path.

What this means

Search terms entered with --search are sent to a third-party search API.

Why it was flagged

The helper sends the user's event/search query to the Tavily external search provider. This is disclosed and aligned with the search feature.

Skill content
client = TavilyClient(api_key=api_key) ... response = client.search(query=query, max_results=max_results, search_depth="advanced", include_answer=False)
Recommendation

Do not use --search for private or sensitive topics you do not want sent to Tavily.