Douyin Prohibited Word Detection (抖音违禁词检测)
Security checks across malware telemetry and agentic risk
Overview
The artifacts show a coherent local sensitive-word checker with disclosed GitHub word-list updates and no evidence of credential use, hidden execution, or uploading checked text.
This looks safe for its stated purpose. Before installing, decide whether you are comfortable with automatic daily downloads from the listed GitHub word-list sources. For fully offline or controlled behavior, maintain a local word list and disable auto-updates; treat results as advisory rather than a guaranteed platform compliance decision.
VirusTotal
65/65 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Changes or problems in the upstream repositories can change future detection results or cause false positives/negatives, although the downloaded content is treated as data rather than executed code.
The skill updates its word-list data from mutable GitHub branch URLs rather than pinned revisions or bundled-only files.
SOURCES = [ ... "https://raw.githubusercontent.com/konsheng/Sensitive-lexicon/main/...", ... "https://raw.githubusercontent.com/jkiss/sensitive-words/master/..." ]
Install only if you are comfortable with daily word-list updates from those repositories; for stricter control, pin or fork the sources, pre-populate the local word list, or disable auto-updates as described.
