Skill v1.0.4

ClawScan security

张洪Heo博客助手 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 17, 2026, 10:12 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requests and runtime instructions are consistent with its stated purpose (chat/search a public blog); it makes no unexpected credential or install demands.
Guidance
This skill appears to only interact with the public blog (fetch JSON/RSS, call the blog's chat UI via in-page JS, and extract visible replies and reference links). Before installing, confirm that your agent's 'browser' / DOM-extraction tool is appropriately sandboxed and will not leak cookies or other agent credentials to the remote site. Also note that the skill requires the ability to set a Referer header for the hot.php API — ensure your platform supports that. If you are comfortable with the agent opening and interacting with the blog page and that the blog content is public, the skill is reasonable to use. If you need stricter privacy, avoid giving the agent browser access or audit the platform's browser tool behavior first.

Review Dimensions

Purpose & Capability
ok
The name/description (blog chat/search) aligns with the actions described: fetching JSON/RSS endpoints, opening the blog, invoking in-page chat/search JS, and extracting article lists and chat replies. There are no unrelated environment variables, binaries, or install steps requested.
Instruction Scope
ok
SKILL.md limits operations to the blog's public endpoints and the blog page DOM: fetch post_info.json, the tags/categories APIs, and the hot.php API (with a Referer header); open the blog and call postChatUser.sendChatMsg/sendSearchMsg; and extract the AI message and reference links. It does not instruct reading files, other sites, or system env vars, or sending data to unrelated external endpoints. Note: it assumes the agent platform supplies a 'browser' tool and network fetch capability to execute in-page JS and extract DOM content.
Install Mechanism
ok
Instruction-only skill with no install spec and no code files; nothing is written to disk or downloaded during install.
Credentials
ok
No environment variables, credentials, or config paths are requested. All network calls target the blog's known endpoints mentioned in the description.
Persistence & Privilege
ok
The always flag is false, and the skill does not request persistent/system-wide modifications or elevated privileges. Autonomous invocation is allowed by default but is not combined with any broad secrets or an always-true flag.