ClawHub
Back to skill
v1.0.0

Rfp Response Generator

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:30 AM.

Analysis

The skill is a coherent instruction-only RFP drafting aid, with the main cautions being confidential proposal data, generated local files, and a reference to an unavailable style guide.

GuidanceThis appears safe to use as an instruction-only drafting aid, but use it in a private proposal workspace, provide only necessary confidential materials, review all generated content before submission, and clarify or ignore the missing SOUL.md style-guide reference.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
Deliver the following files: ... `compliance-matrix.md` ... `technical-response.md` ... `review-checklist.md`

The skill asks the agent to create several Markdown output files. This is scoped and aligned with the purpose, but it is still local file-writing behavior users should be aware of.

User impactThe agent may create or overwrite proposal-draft files with these names in the working location.
RecommendationRun the skill in a dedicated proposal folder and confirm before overwriting any existing files.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
Follow the humanizer rules from SOUL.md §7 for all narrative sections

The skill depends on a referenced instruction file or section that is not present in the manifest, so that guidance cannot be reviewed from the supplied artifacts.

User impactNarrative output may depend on unavailable or environment-specific instructions if a SOUL.md file is found elsewhere.
RecommendationAsk the author to include or inline the SOUL.md §7 rules, or treat that reference as inactive unless the intended file is clearly provided.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
**Company profile** — capabilities, past performance, team bios (or a file path)

The skill is intended to process potentially confidential business and proposal material. This is expected for an RFP generator, and the artifacts do not show external transmission or cross-task memory.

User impactSensitive company capabilities, past performance, personnel, or bid strategy may appear in the agent context and generated proposal files.
RecommendationProvide only the materials needed for the proposal, avoid secrets not required for drafting, and store generated files in an appropriate private workspace.