Back to skill
Skillv1.0.1
ClawScan security
复旦 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 6, 2026, 12:49 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only informational skill about Fudan University and is internally consistent: it requests no credentials, performs no installs, and its runtime instructions are purely content, matching the stated purpose.
- Guidance
- This skill appears to be a harmless informational module about Fudan University. Before installing, consider: (1) provenance — the author/source/homepage are unknown, so verify facts if accuracy matters; (2) privacy — avoid sending sensitive personal data to any skill even if it looks benign; and (3) updates — because it's static content, it may become outdated. There are no requests for credentials, no installs, and no actions that would access your system or data.
Review Dimensions
- Purpose & Capability
- okThe name and description match the provided SKILL.md content, which is a factual/encyclopedic write-up about Fudan University. The skill does not request unrelated capabilities or credentials. Note: the skill's source/homepage is unknown, which affects provenance but not functional coherence.
- Instruction Scope
- okSKILL.md contains only descriptive content and 'usage' guidance for users; it does not instruct the agent to read files, access environment variables, call external endpoints, or execute commands. There is no scope creep in the instructions.
- Install Mechanism
- okNo install spec and no code files are present (instruction-only). This is low-risk: nothing will be written to disk or installed by the skill itself.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. No sensitive access is requested and nothing in SKILL.md attempts to read hidden config or secrets.
- Persistence & Privilege
- okThe skill is not marked always:true and uses default invocation settings (user-invocable, agent may invoke autonomously). Those defaults are normal; there is no evidence the skill requests elevated persistent privileges.