Skillv1.0.0

ClawScan security

Baby Planner 备孕孕期全程助手 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 12, 2026, 9:56 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's files, instructions, and requirements are coherent with a baby‑planning / pregnancy assistant: it contains local Python utilities and many content templates and does not request credentials, install packages, or network access.
Guidance: This skill appears coherent and self-contained: it provides templates, local calculators and name suggestion scripts and requests no credentials. Before running code from an unknown author, you should: 1) inspect the scripts yourself (they are short and readable) or run them in a sandboxed environment; 2) avoid entering sensitive secrets or production credentials into any prompts (the scripts require birthdates/names only); 3) be aware the content includes health advice — verify medical recommendations with a qualified professional; 4) note the SKILL.md references some placeholder/mismatched documentation filenames — confirm any missing references you care about. If the skill later adds network calls, environment variables, or downloads, re-evaluate for risk (that would raise concerns).

Review Dimensions

Purpose & Capability: noteName, description, SKILL.md and the included scripts (pregnancy_calc.py, checklist_generator.py, name_suggester.py, example.py) are consistent with a pregnancy/baby planner. Minor inconsistency: SKILL.md references some reference filenames (e.g., references/pregnancy_timeline.md, references/naming_guide.md, references/hospital_checklist.md, references/public_account_templates.md) that do not exactly match the actual manifest filenames (the manifest contains pregnancy_stages.md, baby_milestones.md, feeding_guide.md, api_reference.md). These appear to be documentation/placeholders rather than functional mismatches and do not affect capability alignment.
Instruction Scope: okSKILL.md contains only functional instructions and content templates related to pregnancy, baby naming, templates and records. It does not instruct the agent to read unrelated system files, access environment variables, or transmit data to external endpoints. The included scripts operate locally (print output) and do not perform network I/O or read/write sensitive system paths.
Install Mechanism: okNo install specification — instruction-only plus local Python scripts. Nothing is downloaded or written by an install step, which is the lowest‑risk install pattern.
Credentials: okThe skill declares no required environment variables, no primary credential, and no config paths. The code does not reference environment variables or secrets. All requested resources are proportional to the stated purpose.
Persistence & Privilege: okalways is false and the skill does not request persistent/system-wide privileges. There are no instructions or code to modify other skills or agent configuration. Agent autonomous invocation is allowed by default (disable-model-invocation is false), which is normal.