Back to skill
Skillv1.0.0
ClawScan security
Xueersi Reading Reflection Guide · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 17, 2026, 9:55 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only guide for helping K–9 students write reading/viewing reflections; it requests no credentials, installs, or file access and its behavior matches its description.
- Guidance
- This skill appears coherent and low-risk: it only provides prompts and templates and asks for no secrets or installs. Before installing, consider: (1) verify the publisher if you care about official Xueersi branding or licensing — the registry metadata lists no homepage and source is unknown; (2) supervise use with younger students to ensure they don't paste or accept full essays (the skill already warns against producing finished essays); and (3) if you enable autonomous invocation, be aware the agent may call the skill without an extra prompt — acceptable here but note for privacy-sensitive deployments.
Review Dimensions
- Purpose & Capability
- okThe name and description claim a reading/reflection guide for K–9 students and the SKILL.md contains step-by-step prompts and templates that directly implement that purpose. There are no unrelated requirements (no env vars, binaries, or installs). Note: the SKILL.md asserts an author/brand name (Xueersi/学而思) while the published source is 'unknown' — this is a provenance/trademark concern rather than a technical inconsistency.
- Instruction Scope
- okRuntime instructions are narrowly scoped to asking Socratic questions and producing writing frameworks; they explicitly instruct the agent not to produce finished essays and do not reference reading files, accessing environment variables, network endpoints, or other system resources.
- Install Mechanism
- okNo install spec or code files are present (instruction-only). This minimizes risk because nothing is written to disk and no external packages are downloaded or executed.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths, which is proportionate for an instruction-only educational guide.
- Persistence & Privilege
- notealways is false (default) and autonomous invocation is allowed (disable-model-invocation is false), which is the platform default. This is not a unique concern for this innocuous skill, but users should be aware the agent could call it autonomously when enabled.