Back to skill
Skillv2.1.1
ClawScan security
Cmo Advisor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 10, 2026, 8:48 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements, instructions, and included code are consistent with a CMO advisory tool: local Python modeling scripts and reference docs with no network, credential, or install demands.
- Guidance
- This skill appears coherent and self-contained: it provides reference docs and two local Python simulators for marketing budgeting and growth modeling, with no network calls or credential requirements. Before running: (1) inspect the two scripts in your environment (they appear safe and use only standard libraries), (2) review and adjust the hard-coded financial assumptions (MRR, churn, CAC, ASP) to match your business, and (3) run the scripts in a sandbox or isolated environment if you want to be extra cautious. Note: the skill's source/homepage are not provided — if provenance matters, consider asking the publisher for more information before installing.
Review Dimensions
- Purpose & Capability
- okName/description (CMO advisory: brand, growth models, budgets, org design) match the provided assets: SKILL.md, three reference docs, and two Python modeling scripts that simulate growth and budget scenarios. The requested surface (no env vars, no external services) is proportional to the stated purpose.
- Instruction Scope
- okRuntime instructions are limited to reading bundled reference docs and running the two local Python scripts. The SKILL.md does not instruct the agent to read unrelated system files, access external endpoints, or exfiltrate data. It is narrowly scoped to strategy diagnostics and modeling.
- Install Mechanism
- okThere is no install spec — this is instruction-plus-local-code. The included Python scripts are plain, self-contained modeling utilities (math, dataclasses, typing) and do not pull code from external URLs or registries. No archives are extracted and no unusual install locations are declared.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. The scripts shown do not reference environment variables or external credentials. The requested access is minimal and appropriate for budget/growth modeling.
- Persistence & Privilege
- okThe skill is not always-enabled and uses the platform defaults for invocation. It does not request to persistently modify other skills or system-wide agent settings.