Back to skill
Skillv1.0.1
ClawScan security
伐谋 - 任务定义与评估器生成 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 13, 2026, 6:31 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions, required artifacts, and behavior are internally consistent with its stated purpose: guiding a user through defining a FaMou evolution task and producing/validating problem.md, init.py, evaluator.py, and prompt.md.
- Guidance
- This skill is coherent for its stated purpose, but be aware it will: (1) read files in your project workspace (data, code, README, configs), (2) create/overwrite problem.md, evaluator.py, init.py, and prompt.md, and (3) run the generated evaluator which executes the provided init.py (i.e., will run Python code). Only run it on projects and code you trust or in a sandboxed environment. Review generated evaluator/init code before executing if you have any security concerns, and do not supply secrets or credentials to this skill.
Review Dimensions
- Purpose & Capability
- okName and description match the SKILL.md: it claims to clarify a task and produce three artifacts; all declared requirements are empty and the instructions only reference generating/validating those artifacts. There are no unrelated environment variables, binaries, or installs requested.
- Instruction Scope
- noteThe runtime instructions explicitly direct the agent to inspect project files (data, code, README, configs), run an interactive clarification loop, write problem.md/evaluator.py/init.py/prompt.md, and execute the evaluator to test init.py. Reading workspace files and executing validation runs is coherent for this task but means the agent will access and run code in the user's project directory.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files. No packages or external downloads are requested.
- Credentials
- okNo environment variables, credentials, or config paths are requested. The skill's needs are proportional to producing and validating the described artifacts.
- Persistence & Privilege
- okalways is false and the skill does not request persistent privileges or modify other skills or system-wide settings. It will create/overwrite problem.md and generate code artifacts in the working directory as expected.