Skill v1.0.1
ClawScan security
OpenClaw 聊天机器人构建器 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 15, 2026, 5:59 PM
- Verdict: Review
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's description promises multi‑platform chatbot building, but the provided runtime instructions contain only marketing text and there are no declared credentials, integration details, or installation steps — the implementation is missing or inconsistent with the claimed capability.
- Guidance: This package appears to be a marketing/placeholder entry rather than an implemented skill. Before installing or using it, ask the publisher for: (1) concrete runtime instructions showing how the agent will integrate with WeChat/钉钉/Telegram; (2) a list of required credentials and where those credentials will be used/stored; (3) source code or an install spec and a homepage or documentation; and (4) a privacy/security statement about handling user data and tokens. Because the owner and source are unknown and the SKILL.md contains no operational details, treat it as non‑operational and potentially incomplete — do not provide platform API keys or sensitive tokens until you have clear, verifiable implementation and hosting information.
Review Dimensions
- Purpose & Capability (concern): The name/description claim multi‑platform integration (WeChat/钉钉/Telegram), automation, and batch processing, but the skill requests no credentials, binaries, config paths, or installation. Real integrations would normally require API keys, webhooks, SDKs, or at least concrete integration instructions — their absence is incoherent with the stated purpose.
- Instruction Scope (concern): SKILL.md is marketing copy (features, pricing, ROI) and contains no runtime instructions for the agent (no steps to create bots, call platform APIs, or handle credentials). This makes the skill non‑operational and ambiguous about what the agent is allowed/expected to do.
- Install Mechanism (ok): No install specification and no code files are present, so nothing will be written to disk or automatically installed. This minimizes install risk, but also means the skill as provided has no implementation.
- Credentials (concern): No environment variables, credentials, or config paths are declared despite claiming integrations that normally require platform tokens. The omission is disproportionate and suggests required secrets or integration steps are missing or being hidden.
- Persistence & Privilege (ok): The skill does not request persistent presence (always:false), has no install actions, and does not declare privileges or access to other skills or system configuration.
