Skill v1.0.12

ClawScan security

OpenClaw Chinese Laoshi Ops · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 25, 2026, 3:42 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files, instructions, and requirements are internally consistent with its stated purpose (local/sanitized Chinese lesson handling) and do not request disproportionate credentials, installs, or privileges.
Guidance
This skill appears coherent and safe in itself: it only uses bundled lesson data and asks for explicit confirmation before running any repo commands. Before installing, verify the GitHub homepage/author if you want provenance, and be aware that an agent session with repository or connector access could read files from any attached repo — only proceed when you trust the connected repo and confirm any commands the skill proposes. If you plan to sync to a Drive mount, provide a pre-authenticated local mount path (--drive-root) and never supply cloud credentials to the skill.

Review Dimensions

Purpose & Capability
ok: Name/description match the provided artifacts: bundled course data, lesson plans, and guidance files. No unexpected env vars, binaries, or cloud credentials are declared or required for the stated task.
Instruction Scope
ok: SKILL.md limits work to bundled public course data and user-provided transcript/subtitle inputs, requires explicit user confirmation before running repo commands, and forbids searching system credential stores. Instructions do not direct data to external endpoints or ask for undeclared secrets.
Install Mechanism
ok: Instruction-only skill with no install spec and no code to write or execute on install. No download or archive-extract steps are present.
Credentials
ok: No environment variables, credentials, or config paths are requested. The only allowed external access is an explicit user-provided --drive-root pointing to a pre-authenticated local mount, which is reasonable and constrained by the instructions.
Persistence & Privilege
ok: Skill is not always-enabled and declares disable-model-invocation; it does not request system-wide persistence or modify other skills. It requires user confirmation before running repository commands.