https://clawhub.ai/api/v1/skills/chengjun-content-security/file?path=SKILL.md&version=1.0.2
github.com/clawhub.ai/chengjun-content-security
Scanned Thu, 28 May 2026 16:25:21 GMT
Scan ID crawl-iq7d1xvtk60yjbpdr9karrcd · 2ms
A
SCORE 95 / 100
Verdict: Safe to install
2 medium findings.
This skill ships without a capability manifest plus 1 other issue listed below.
0 critical0 high2 medium10 rules passed
Why grade A?
score · 95 / 100The current grade reflects 2 minor findings below all thresholds.
0 CRIT0 HIGH2 MED0 LOW
Already at the top grade — no further rules to pass.
Findings · ordered by severity
medNo capability manifest declaredThe skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.rule: no-manifest▾
No capability manifest declared
The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.
rule:
no-manifestmedSkill name mixes ASCII with lookalike non-ASCII charactersThe skill name `成均内容安全 description: 通过调用成均平台的HTTP API接口,检测文本中的敏感信息、语法错误、标点符号问题等,保障内容合规。` contains characters that visually resemble ASCII letters but are from a different script: , (U+FF0C), , (U+FF0C). This is the standard typosquat pattern — installers think they're getting `stripe/checkout` and end up with a malicious lookalike.▾
Skill name mixes ASCII with lookalike non-ASCII characters
The skill name `成均内容安全 description: 通过调用成均平台的HTTP API接口,检测文本中的敏感信息、语法错误、标点符号问题等,保障内容合规。` contains characters that visually resemble ASCII letters but are from a different script: , (U+FF0C), , (U+FF0C). This is the standard typosquat pattern — installers think they're getting `stripe/checkout` and end up with a malicious lookalike.
name: 成均内容安全 description: 通过调用成均平台的HTTP API接口,检测文本中的敏感信息、语法错误、标点符号问题等,保障内容合规。
skillox.io/r/crawl-iq7d1xvtk60yjbpdr9karrcd