Back to skill
Skillv1.0.0
ClawScan security
Didi Bike · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 16, 2026, 9:21 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only helper about Didi Qingju bikes; its requested footprint and instructions match the described purpose and it does not ask for credentials or install anything.
- Guidance
- This skill is coherent with its stated purpose and does not request credentials or install code, but note the package metadata has no homepage and an unknown owner — that affects trust, not technical behavior. Before using: (1) verify tips like pricing and rules against the official Didi/Qingju app for your region (fees and rules can change), (2) avoid sharing sensitive personal data in conversations with any third‑party skill, and (3) if you need stronger provenance guarantees, prefer skills with a verifiable homepage or known publisher.
Review Dimensions
- Purpose & Capability
- okName/description (Didi Qingju bike assistant) match the SKILL.md content. The skill does not request unrelated credentials, binaries, or config paths. Note: metadata lists an unknown source/homepage, which is a provenance/trust consideration but does not create a capability mismatch.
- Instruction Scope
- okSKILL.md contains only domain knowledge, usage tips, pricing, and user-facing guidance. It does not instruct the agent to read files, access environment variables, run commands, or transmit data to external endpoints beyond normal conversational behavior.
- Install Mechanism
- okNo install spec and no code files — instruction-only skill. This is the lowest-risk install model and nothing is written to disk or fetched during install.
- Credentials
- okNo required environment variables, credentials, or config paths are declared or referenced in the instructions; the requested access is minimal and appropriate for the stated purpose.
- Persistence & Privilege
- okalways: false and default invocation settings. The skill does not request elevated or persistent privileges and does not modify other skills or system-wide configuration.