Skill v1.0.3

ClawScan security

这是我的test3 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 19, 2026, 8:25 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The runtime instructions are a simple GitHub (gh CLI) helper, but the registry metadata (slug 'trello3', ambiguous name/description) doesn't match the skill content — this mismatch is suspicious even though the skill itself is instruction-only and requests no secrets.
Guidance
Before installing:
1) Confirm whether you expected a GitHub skill. Ask the publisher to fix the slug/name if it should be 'github' rather than 'trello3'. Metadata mismatches can be benign (packaging error) but also a sign of sloppy or malicious republishing.
2) Ensure you have the gh CLI installed and that you understand which repository (owner/repo) the commands will target.
3) The skill requests no credentials, but verify any runtime prompts from your agent before it runs commands that could alter repositories.
4) If you don't want the agent to invoke the skill autonomously, disable autonomous invocation in your agent settings.
5) If unsure, run the skill in a restricted/test environment, or ask the author for clarification and an updated manifest that matches the SKILL.md.

Review Dimensions

Purpose & Capability
concern: SKILL.md clearly describes a GitHub/gh CLI skill (header 'GitHub Skill' and numerous gh examples), but the registry metadata (slug 'trello3') and the published name/description are inconsistent with it and do not reflect GitHub. This mismatch could be a harmless packaging error or intentional mislabeling.
Instruction Scope
ok: Instructions are narrowly scoped to running gh CLI commands and using --repo or GitHub API endpoints. They do not instruct reading arbitrary files, accessing unrelated environment variables, or transmitting data to unexpected endpoints.
Install Mechanism
ok: No install spec and no code files; this is an instruction-only skill. No files will be written to disk, and nothing is downloaded or installed by the skill itself.
Credentials
ok: The skill declares no required environment variables and no credentials, and the instructions do not reference secrets. This is proportionate for a gh CLI helper.
Persistence & Privilege
note: Defaults (always:false; the agent may invoke the skill autonomously). Autonomous invocation is permitted but not exceptional; weigh it together with the metadata mismatch if you are concerned about unintended actions.