ClawHub
Back to skill
v2.1.1

Cro Advisor

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 6:31 AM.

Analysis

The skill appears to be a coherent B2B SaaS revenue-advisory package with disclosed, user-directed local analysis scripts and no evidence of credential use, exfiltration, persistence, or destructive behavior.

GuidanceThis skill looks appropriate for CRO-style revenue analysis. Before installing or using it, note that the optional scripts run locally and may process sensitive revenue or customer CSVs, so provide only the data needed for the analysis.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
SeverityLowConfidenceHighStatusNote
SKILL.md
python scripts/revenue_forecast_model.py

The skill explicitly tells the user how to run bundled Python code locally. This is disclosed and central to the stated forecasting purpose, but it is still local code execution.

User impactRunning the optional scripts executes code on the user’s machine to analyze revenue data.
RecommendationRun the scripts only from the installed skill package you intended to use, and review or restrict inputs if the CSVs contain sensitive business data.
Tool Misuse and Exploitation
SeverityInfoConfidenceHighStatusNote
scripts/churn_analyzer.py
python churn_analyzer.py --csv customers.csv

The script accepts a user-supplied CSV file containing customer and revenue fields. This is expected for churn analysis and no unsafe sharing or destructive behavior is evidenced.

User impactThe analysis may process sensitive customer, ARR, churn, and retention information locally.
RecommendationUse appropriately scoped or sanitized CSVs when possible, and avoid providing data that is not needed for the requested analysis.