Skill v2.1.0

ClawScan security

ResearchMate · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 17, 2026, 7:37 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's declared purpose (systematic material collection for deep writing) matches the runtime instructions and required capabilities; no disproportionate credentials, installs, or hidden endpoints are requested.
Guidance
This skill appears internally consistent with its stated purpose and contains no requests for credentials or hidden endpoints. Before installing, confirm the host platform provides the tools the SKILL.md expects (web_search, read_url, create_file and any document-export support). Be aware the README advertises a separate Python implementation (main.py, requirements.txt) but that code is not bundled in this skill package — if you need local Python features or Word/PDF exporters, you would have to retrieve and inspect that external repository yourself. Finally, remember that the skill will collect and present third-party content: verify any high-stakes facts against original source documents before publishing.

Review Dimensions

Purpose & Capability
ok
The name/description (深度写作素材采集) aligns with the SKILL.md instructions: three-step query, multi-source web search, extraction, four-fold verification, scoring, and structured outputs. The declared capabilities (web_search, read_url, create_file usage) are coherent with the stated goal and no unrelated credentials or system accesses are requested.
Instruction Scope
note
The SKILL.md gives detailed, scoped instructions that stay within the stated purpose: it instructs the agent to run web_search/read_url to fetch publicly available material, perform validation checks, score items, and produce Markdown/CSV/Word/PDF outputs. It does not instruct reading arbitrary local files or environment secrets. Note: the skill assumes the agent has helper tools (web_search, read_url, create_file and possibly document-export capabilities); if those tools are not present or have broader network/IO privileges, actual behavior may differ.
Install Mechanism
note
This is an instruction-only skill with no install spec and no bundled code, which is the lowest-risk form. However, README.md describes a full Python project (main.py, src/, requirements.txt, clone/install steps). That repository content is not included here—only SKILL.md and README.md were packaged. This mismatch is not necessarily malicious but is an inconsistency: some advertised local features (running a Python binary, pip installs, local exporters) won't work unless the external repo is obtained and run.
Credentials
ok
The skill requests no environment variables, secrets, or config paths. The SKILL.md explicitly states it will not access paid or private databases and will not gather unpublished internal data. The lack of credentials is proportionate to the described public-data collection functionality.
Persistence & Privilege
ok
always is false and the skill is user-invocable; autonomous invocation is allowed by default (disable-model-invocation is false) which is standard for skills. The skill does not request elevated/persistent privileges or modifications to other skills or system-wide settings.