minor-detection
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is purpose-aligned and openly discloses its remote minor-detection pipeline, but it handles sensitive chat/profile data and API credentials that users should configure carefully.
Install only if you are comfortable sending the relevant chat history, profile hints, and metadata to the configured classifier service. Use a dedicated API key, verify the endpoint and package source, avoid untrusted retrieved-case inputs, and run it in an environment where temporary files and process arguments are not exposed to other users.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Sensitive chat histories and minor/age-profile signals may leave the local environment and be processed under the remote provider's controls.
The skill explicitly sends chat content, profile/history signals, and metadata to a configured remote model endpoint.
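During the classification stage, the control script sends the conversation text, temporal cues, historical profile, identity hints, and related metadata to the remote model endpoint you have explicitly configured.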
Use this only with a trusted classifier endpoint, confirm the data is allowed to be sent externally, and avoid the skill for local-only or highly restricted data.
An over-scoped or reused API key could expose service access, billing, or model-provider account privileges if mishandled.
The classifier client uses the configured API key as a bearer credential when calling the remote classifier API.
"Authorization": f"Bearer {api_key}"
Use a dedicated least-privilege API key for this skill, store it only in the intended environment variable, and rotate it if exposed.
Untrusted or fabricated retrieved cases or prior profile data could skew the minor-likelihood output.
Caller-supplied retrieved cases are accepted as evidence for the classifier path when present.
existing = normalized_payload["context"].get("retrieved_cases") or [] ... "mode": "external_rag" ... return list(existing)
Only provide retrieved cases and prior profiles from trusted sources, and treat the final result as decision support rather than an unquestioned fact.
On shared systems or verbose process/log monitoring, parts of sensitive chat text could be exposed through command-line visibility or observability records.
A retrieval query derived from conversation text is passed to a subprocess as a command-line argument.
"CONVERSATION_TEXT": normalized_payload["conversation_text"] ... _run_json_script(RETRIEVE_SCRIPT_NAME, ["--query", retrieval_query, ...])
Run the skill on a trusted host and avoid logging full command lines; a future version should prefer stdin or a protected temporary file for sensitive query text.
If unreviewed retrieval assets are later added or replaced, loading the pickle index could execute code locally.
The retrieval helper can deserialize a local pickle index, which is unsafe if that index file is malicious or tampered with.
with open(self.index_path, "rb") as handle: index_data = pickle.load(handle)
Use only reviewed retrieval assets and consider replacing pickle with a safer signed or structured data format.
