Back to skill
Skillv1.0.0
ClawScan security
最强大脑 AI 公司工作流程规范 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 5, 2026, 9:07 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only workflow template for managing tasks in four phases (plan → confirm → execute → report); it requests no credentials, installs, or elevated privileges and its content matches its stated purpose.
- Guidance
- This skill is a set of process templates and appears internally consistent and low-risk. Before installing, confirm you or your team want the agent to follow these formal confirmation-and-execute rules (it requires the agent to wait for the exact confirmation phrase). Also verify any downstream actions (e.g., committing/pushing Git, running scripts) are implemented in other skills or tool integrations with explicit user consent—this document alone does not perform code execution or network actions.
Review Dimensions
- Purpose & Capability
- okThe name and description describe a company workflow standard; the SKILL.md contains templates, role responsibilities, and step-by-step guidance that directly implement that purpose. There are no unrelated requirements.
- Instruction Scope
- okRuntime instructions are process and template guidelines (plan generation, await explicit user '确认执行', logging, reporting). They do not instruct the agent to read arbitrary system files, access environment variables, perform network exfiltration, or run code without user confirmation.
- Install Mechanism
- okNo install spec and no code files — instruction-only skill. Nothing is written to disk or downloaded during install.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. All suggested outputs (Git commit info, file paths) are part of normal reporting and proportional to the workflow purpose.
- Persistence & Privilege
- okThe skill is not forced-always, does not request persistent privileges, and does not modify other skills or system-wide settings. It requires explicit user confirmation before execution per its own rules.