Back to skill
Skillv1.0.0
ClawScan security
Xueersi Parent Comment Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 17, 2026, 9:55 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only generator for parent comment text and its requirements and instructions are consistent with that purpose.
- Guidance
- This skill appears coherent and limited to generating parent comment text, but before installing consider: (1) privacy — don't enter unnecessary personally identifying information (full student ID, home address, medical details); supply only the performance details needed to generate a comment. (2) review outputs — check tone, factual accuracy, and cultural/school policy appropriateness before using in official documents. (3) translations — if you use the convert/translate options, verify translation quality for sensitive wording. (4) attribution — the SKILL.md references 'Xueersi' but the source/homepage are unknown; if brand affiliation matters, confirm legitimacy. If you require offline or audit-trail handling of student data, prefer a solution that documents where data is sent and stored.
Review Dimensions
- Purpose & Capability
- okName and description describe generating parent signature comments; the SKILL.md only asks for typical input fields (grade, scores, highlights, areas to improve, tone) and defines output formats — nothing requested is unrelated to the stated purpose. Note: the SKILL.md claims affiliation 'By Xueersi (学而思)' but the skill's source/homepage are unknown; this is a branding/attribution question rather than a technical mismatch.
- Instruction Scope
- okRuntime instructions solely describe collecting user-provided child/performance details and producing 2–3 text variants with specified tones and lengths. There are no instructions to read system files, environment variables, or send data to third parties.
- Install Mechanism
- okNo install spec and no code files (instruction-only). This minimizes disk writes and external code execution risk.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths — consistent with a purely text-generation helper.
- Persistence & Privilege
- okalways is false and the skill does not request system or cross-skill configuration changes. Normal autonomous invocation is permitted by platform defaults but not excessive here.