Skill v1.0.0
ClawScan security
c-level-advisor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 11, 2026, 3:15 PM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The package and runtime instructions are internally consistent with a multi-role C-level advisory toolkit, but it includes many executable Python scripts and local persistence (company-context.md, decision logs) that you should review before running.
- Guidance
- This skill appears to do what it says (a packaged virtual board with analysis scripts), but you should take a few safety steps before installing or running it:
  - Inspect the bundled Python scripts (cfo-, cto-, ciso-, etc.) for any network calls (urllib, requests, socket) or subprocess usage that could transmit data externally. The SKILL claims "stdlib-only" — verify that claim in the code.
  - Treat company-context.md and decision logs as sensitive: review where they are written, who can read them, and whether they contain PII, secrets, or financials you don't want persisted.
  - Verify provenance: the README references an external npx install path and the author; ensure you trust the publisher (the registry owner ID in metadata) before running scripts or following install suggestions.
  - Run the code in an isolated environment (sandbox, container) first if you plan to execute the provided Python tools, and monitor outbound network activity.
  - If you need stricter guarantees, ask the publisher for a short summary of any external network usage in the scripts or for a signed provenance statement.
- If you lack the ability to audit code, avoid running the packaged scripts with live company data. If you review the code and confirm there are no unexpected network calls or elevated privileges, this skill is coherent with its stated purpose and reasonable to use with caution.
Review Dimensions
- Purpose & Capability
- note: The name/description (virtual C-suite, board meetings, role routing) matches the included content: role SKILL.md files, orchestration protocol, board-deck templates, and 25 Python analysis scripts (finance, hiring, tech debt, risk, etc.). Minor documentation inconsistencies exist (the README claims '2 skills' while the manifest contains ~28 skills), and the README contains npx install examples pointing to an external repo — a provenance/documentation mismatch worth checking but not a functional red flag.
- Instruction Scope
- note: SKILL.md instructs agents to create and write company-context.md in the project root and to log board interactions (Decision Logger two-layer memory). This is consistent with the stated purpose (persisting company context and decisions), but it does mean potentially sensitive business data will be written to disk. The runtime instructions do not explicitly instruct reading unrelated system files or exfiltrating data, but the included Python scripts (packaged with the skill) could be executed and may perform I/O — you should review them for unexpected file or network access.
- Install Mechanism
- note: There is no install spec in the registry metadata (instruction-only), which is lower-risk. However, the README provides npx install commands referencing an external user/repo (alirezarezvani/claude-skills), which is a documentation artifact to verify. The package already includes many code files (no separate download step), so there is no immediate downloader/extract step recorded — but verify whether your agent runtime will execute those bundled scripts automatically.
- Credentials
- ok: The skill declares no required environment variables, no credentials, and no config paths. That is proportional to its advisory purpose. Note: even without declared secrets, the skill will invite the user to write business-sensitive context and logs locally; treat those files as sensitive.
- Persistence & Privilege
- note: always:false (normal). The skill is designed to persist context and decision logs (company-context.md, decision-log / two-layer memory) in the project root; this persistence is within its scope but increases the sensitivity of data stored by the agent. It does not request system-wide privileges or modify other skills' configs according to the provided metadata.
