Back to skill
Skillv1.0.0
ClawScan security
Customer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 9, 2026, 11:49 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requested resources and runtime instructions are coherent with its stated purpose (customer success playbooks, health scoring, onboarding and renewal guidance) and it does not request extra credentials, installs, or unexpected system access.
- Guidance
- This skill appears internally consistent and advisory only, but note the package source is unknown and there is no homepage listed—if you plan to rely on it, verify the author/maintainer (AGIstack) and prefer official sources. Because the skill gives playbooks and prompts (not connectors), avoid feeding real customer PII or credentials into examples when testing. If a future version adds integrations (CRM, analytics, or API keys), review required environment variables and installation steps before enabling them. Finally, test the skill in a limited context first and confirm behavior matches expectations.
Review Dimensions
- Purpose & Capability
- okThe name/description (customer success, churn prevention, onboarding, expansion) match the SKILL.md, examples, and heartbeat guidance. The skill does not request unrelated binaries, environment variables, or config paths.
- Instruction Scope
- okSKILL.md contains playbooks, templates, prompts, and monitoring checklists only. It does not instruct the agent to read local files, access environment variables, or transmit data to external endpoints. Occasional guidance to use LinkedIn or internal networks is user-directed advice, not automated exfiltration.
- Install Mechanism
- okNo install spec and no code files — instruction-only. Nothing is written to disk or downloaded as part of the skill itself.
- Credentials
- okRequires no credentials, no config paths, and declares no primaryEnv. The scope of secret/credential access is minimal and appropriate for a purely advisory/customer-success skill.
- Persistence & Privilege
- okalways is false and the skill is user-invocable. It does not request system-wide configuration changes or cross-skill privileges. Autonomous invocation is allowed by default but the skill has no elevated persistence or modification behavior.