Back to skill
Skillv9.9.5
ClawScan security
Alert Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 28, 2026, 4:06 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- An instruction-only SEO alerting skill whose stated purpose, runtime instructions, and requested access are coherent and proportionate — no installs, credentials, or unexpected behavior detected.
- Guidance
- This skill is an instruction-only template for configuring SEO alerts and appears internally consistent. Before installing/using: (1) confirm how your platform manages connectors and supply any SEO/Analytics credentials only through the platform's secure connector flow (don't paste tokens into chat); (2) be aware the skill can write summaries to agent memory if you accept the save prompt—review those memory files and remove any sensitive data you don't want persisted; (3) review CONNECTORS.md (linked in the SKILL) to understand which external services might be integrated and what credentials they require; (4) if you expect automated integration with APIs (Search Console, analytics, PagerDuty, SMS), ensure those integrations are explicitly authorized and use least-privilege credentials.
Review Dimensions
- Purpose & Capability
- okThe name/description (SEO alerts for rankings, traffic, technical issues, competitors) matches the SKILL.md content and reference templates. The skill is instruction-only and does not request unrelated binaries, credentials, or system paths.
- Instruction Scope
- noteRuntime instructions stay within alert configuration, thresholds, response plans, notification routing, and producing a user-facing monitoring deliverable. The skill will read optional repo/state-model docs (CLAUDE.md / shared State Model) when available and write monitoring summaries to memory (memory/monitoring/..., memory/open-loops.md, memory/decisions.md). This is expected for a monitoring/handoff skill but note it persists findings to agent memory if the user agrees.
- Install Mechanism
- okNo install spec and no code files — the skill is instruction-only, so nothing is downloaded or written to disk by an installer. Low install risk.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. It references optional connectors (SEO tools, Search Console, crawlers) but does not demand credentials itself — connector credentials would be supplied separately by the platform or user.
- Persistence & Privilege
- okalways:false (default). The skill writes monitoring deliverables to agent memory when the user consents to 'Save these results?'. It does not request elevated or cross-skill configuration changes.