Skill v1.0.0
ClawScan security
copywriting · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 11, 2026, 3:51 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files, instructions, and minimal runtime requirements are consistent with a copywriting tool; nothing requests unrelated credentials or hidden network installs.
- Guidance: This skill appears coherent and focused on copywriting. Two practical cautions: (1) the instructions tell the agent to read .claude/product-marketing-context.md if present — avoid putting secrets, API keys, or sensitive credentials in that file if you enable the skill. (2) The repository includes a local Python script (headline_scorer.py) that the agent could run if asked; the script is self-contained and safe on inspection, but if you have policies restricting execution of local code, consider disallowing automatic execution or reviewing the script before use. Otherwise this skill does what it says and does not request unrelated permissions or network installs.
Review Dimensions
- Purpose & Capability (ok): Name and description match the provided SKILL.md, reference docs, and the included headline_scorer.py script — all clearly related to writing and evaluating marketing copy. No unrelated binaries, credentials, or config paths are requested.
- Instruction Scope (note): Runtime instructions are focused on gathering page/audience/product context and writing copy. They explicitly tell the agent to read .claude/product-marketing-context.md if it exists — this is relevant to the task but means the skill will look for and read a local workspace file. The instructions do not request unrelated system files or external endpoints.
- Install Mechanism (ok): No install spec is provided (instruction-only), and the only code is a local Python utility (headline_scorer.py). Nothing is downloaded or written to disk at install time.
- Credentials (ok): The skill requires no environment variables, credentials, or external config paths. The only file access called out (.claude/product-marketing-context.md) is plausible for assembling marketing context.
- Persistence & Privilege (ok): always is false and the skill is not force-enabled. The skill can be invoked autonomously (platform default), which is expected for a user-invocable copywriting skill and is not combined with broad credential access or system modifications.
