Skill v1.0.0
ClawScan security
Huaxiaozhu · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 16, 2026, 9:20 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only ride‑hailing assistant whose requirements and instructions are consistent with its stated purpose and do not request unnecessary access or installs.
- Guidance: This skill is instruction-only and appears coherent with its purpose: it provides guidance about Huaxiaozhu fares, coupons and safety without requesting credentials or installing code. Before installing, note that the source/homepage is unknown — because it contains no code or installs the risk is low, but the content could be stale or inaccurate. Don’t enter or share any personal credentials or payment data with the skill itself; verify price or account actions inside the official Huaxiaozhu app. If you need higher assurance, prefer skills published by known authors or with links to an official homepage or repository.
Review Dimensions
- Purpose & Capability (ok): Name, description and SKILL.md all describe a Huaxiaozhu ride‑hailing assistant (discounts, trip planning, safety). There are no declared credentials, binaries, or unrelated requirements that would be out of scope for this purpose.
- Instruction Scope (ok): Runtime instructions are limited to descriptive guidance about pricing, coupons, safety and usage advice. They do not instruct the agent to read files, access environment variables, call external endpoints, or perform actions outside the domain of ride‑hailing assistance.
- Install Mechanism (ok): No install spec and no code files — instruction‑only content means nothing is written to disk or downloaded at install time. This is the lowest‑risk install profile.
- Credentials (ok): The skill declares no environment variables, credentials, or config paths. There is no disproportionate access requested relative to the stated function.
- Persistence & Privilege (ok): always is false and default autonomy is allowed (normal). The skill does not request persistent installation, modify other skills, or ask for system‑wide settings.
