Back to skill
Skillv1.0.2
ClawScan security
多科学透视 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 8, 2026, 3:51 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requests and instructions are consistent with its stated purpose (multi‑disciplinary analysis); nothing requires unrelated credentials or installs — the only operational caveat is it allows the user to provide file paths for the agent to read, which could expose sensitive files if misused.
- Guidance
- This skill appears to do what it says: multi‑disciplinary analysis of text. Before using it, avoid giving paths to sensitive system files (password stores, ssh keys, system configs) — instead paste or upload only the content you want analyzed. Be aware that anything you submit will be processed by the agent (and therefore possibly logged by the platform or provider); if your text contains private or regulated data, sanitize or omit it. If you plan commercial use, note the README references an upstream repo and licensing; contact the original author per the README if you need a commercial license or attribution.
Review Dimensions
- Purpose & Capability
- okName, description, and included reference materials align with a multi‑disciplinary analysis skill. There are no unrelated required binaries, environment variables, or installation steps that contradict the stated purpose.
- Instruction Scope
- noteRuntime instructions are prose-only and limited to analyzing user-provided text or files. However, the SKILL.md explicitly says a user can "provide file path let AI read" with no constraints; that grants the agent permission to read arbitrary file paths the user supplies. This behavior is reasonable if the user intentionally points to a file they want analyzed, but it does broaden the surface for accidental exposure of sensitive local files. The instructions do not reference any other system paths or environment variables.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files to execute; nothing is downloaded or written to disk by an installer.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths — consistent and proportional for a text-analysis skill.
- Persistence & Privilege
- okalways:false and default autonomous invocation settings are used. The skill does not request elevated persistence or modification of other skills or system-wide settings.