Back to skill
Skillv1.1.0
ClawScan security
Cli Toolkit Cn · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 16, 2026, 6:49 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only Chinese “CLI toolkit” that provides command examples and script templates; its requirements and instructions are consistent with that purpose and it does not request credentials, installs, or unusual privileges.
- Guidance
- This skill is a coherent snippet/cheatsheet for shell usage and appears safe to install. Before running any suggested commands or scripts, review them carefully — some examples perform destructive actions (rm -rf, tar over system paths), send mail, or contact external services (curl). Replace placeholder values (e.g., admin@example.com, /data, /backup) with your own, and never paste these commands into a shell without understanding them. Also note the skill has no published source or homepage; if provenance matters to you, prefer skills with a known author or repository.
Review Dimensions
- Purpose & Capability
- okName/description (命令行工具箱) match the content: collections of shell commands, aliases, and script templates. There are no unrelated environment variables, binaries, or install steps requested.
- Instruction Scope
- okSKILL.md contains examples and templates only (command snippets, scripts, aliases). It does not instruct the agent to read arbitrary system files, exfiltrate secrets, or contact unexpected remote endpoints. Note: some example commands (curl ifconfig.me, mail, tar on /data, or aliases starting a web server) have side effects if actually executed on a host — the document itself is examples only.
- Install Mechanism
- okNo install spec and no code files — instruction-only skill. This is the lowest-risk install posture (nothing is written to disk by the skill).
- Credentials
- okSkill does not request environment variables, credentials, or config paths. Example scripts reference generic paths/emails (e.g., /backup, admin@example.com) which are placeholders and not secret access requests.
- Persistence & Privilege
- okalways:false and normal user-invocable/autonomous invocation defaults. The skill does not request permanent presence or modify other skills or system-wide settings.