Skill v1.0.0

ClawScan security

maozedong-founder-coach(毛泽东思想式创业教练) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 8, 2026, 11:15 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's content and requirements largely match a coaching tool, but it declares broad runtime tools (Bash, WebFetch, Read/Write/Edit) while having no need for them and has no known source/homepage, which is disproportionate and worth caution.
Guidance
This skill's content is coherent with a conversational coaching tool, but take these precautions before installing:
1) Ask the publisher for a source or homepage (none is provided).
2) Verify what the platform will actually grant when it honors the skill's allowed-tools: if the skill can run Bash or make arbitrary WebFetch calls, consider that a meaningful increase in risk for data exfiltration or unwanted system actions — remove those tool permissions unless needed.
3) If you only want a chat coach, prefer a version restricted to Read/Edit/Write (no Bash/WebFetch).
4) Consider ethical/legal implications of using political/military metaphors in business advice and whether the content is appropriate for your audience.
5) If you want higher assurance, request the publisher to sign the skill with a verifiable homepage or repository and to document any runtime web or shell usage explicitly.

Review Dimensions

Purpose & Capability
ok: Name, description, README and SKILL.md are coherent: a founder/CEO coaching skill applying Mao Zedong strategic concepts to business. It declares no binaries, env vars, config paths, or installs — which is appropriate for an instruction-only coach.
Instruction Scope
note: The SKILL.md contains only conversational coaching workflows, triggers, and canned responses and does not instruct reading files, environment variables, or external endpoints. However, the skill metadata includes allowed-tools that permit Bash and WebFetch even though the instructions never require shell or network access — this broad capability is unnecessary for the stated purpose and expands the skill's effective scope.
Install Mechanism
ok: No install spec and no code files; instruction-only skills are low risk from an install perspective. Nothing is written to disk by an installer.
Credentials
ok: The skill requests no environment variables, credentials, or config paths. The SKILL.md does not reference secrets or other services, so requested permissions appear proportionate — except for the allowed-tools mismatch noted above.
Persistence & Privilege
note: always:false (normal). user-invocable:true and model invocation is enabled (disable-model-invocation:false), which is the platform default. Combined with the broad allowed-tools (Bash/WebFetch/Write), autonomous invocation could increase blast radius if the agent were permitted to execute system commands or make arbitrary web requests — the skill itself doesn't instruct that, but the capability exists.