Back to skill
Skillv1.0.1
ClawScan security
自然语言转JOSN参数 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 6, 2026, 2:08 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and instructions are coherent with its stated purpose (converting natural language to JSON using a local template); it is instruction-only, requests no credentials, and has no install steps.
- Guidance
- This skill appears consistent and low-risk: it reads a local template and the conversation history, then returns structured JSON. Before installing, consider: (1) the skill will include raw user inputs in the generated JSON and may rely on stored previous conversions—avoid submitting sensitive personal data if you don't want it preserved; (2) confirm how your agent platform persists conversation memory (how long previous conversions are kept); and (3) review templates/default.json if you want different fields. Test the skill with non-sensitive example inputs first.
Review Dimensions
- Purpose & Capability
- okName and description match the actual behavior: reading templates/default.json and converting user text into a JSON structure. There are no unrelated binaries, environment variables, or external endpoints requested.
- Instruction Scope
- okSKILL.md instructs only to read the local template, extract fields from user input, convert relative/absolute times to a fixed format, optionally inherit prior-conversion values from conversation history, and output JSON only. It does not instruct reading system files, contacting external services, or accessing unrelated credentials.
- Install Mechanism
- okNo install spec and no code files that would be written/executed on disk; this is instruction-only and has minimal surface area.
- Credentials
- okNo environment variables, secrets, or config paths are required. The only data used are the local template file and conversation history, which are proportional to the task.
- Persistence & Privilege
- notealways:false and no system-modifying instructions. The skill requires remembering the previous conversion result (conversation history or agent memory) to implement 'context inheritance'—this is expected for the feature but implies the agent will persist or access prior outputs; verify how long and where that context is stored if you have privacy concerns.