Back to skill
Skillv1.0.0
ClawScan security
Yixin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 16, 2026, 9:21 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is a read-only, archived informational skill about a defunct social app; it requests no credentials, no binaries, and has no install steps.
- Guidance
- This skill is essentially a static archival note about the defunct "易信" app and appears safe: it asks for no credentials and has no install steps. It provides minimal utility (just informational text). If you need actionable features (e.g., data migration, account recovery, or live API access), this skill does not provide them — look for a purpose-built skill and only enable those that request the specific credentials or permissions you expect. As always, avoid granting broad permissions to skills unless you trust their source.
Review Dimensions
- Purpose & Capability
- okThe skill's name/description claim a historical archive and the SKILL.md contains only descriptive text. There are no requested env vars, binaries, or installs that would be inconsistent with an informational stub.
- Instruction Scope
- okSKILL.md contains only static metadata and a short archived description. It does not instruct the agent to run commands, read files, access external endpoints, or exfiltrate data.
- Install Mechanism
- okNo install spec or code files are present (instruction-only), so nothing is written to disk or downloaded during install.
- Credentials
- okThe skill declares no environment variables, credentials, or config paths; requested permissions are minimal and proportional to an informational skill.
- Persistence & Privilege
- okalways is false and the skill is user-invocable; it does not request permanent presence or modify other skills or system settings.