Back to skill
Skillv1.0.0
ClawScan security
pricing-strategy · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 11, 2026, 3:50 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's files, instructions, and code are coherent for SaaS pricing work: no installers, no credential requests, and the included script only performs local calculations and optional file reads.
- Guidance
- This skill appears coherent and focused on pricing work. Before installing: (1) review any local context files (e.g., marketing-context.md) to ensure they contain no secrets or sensitive credentials, since the skill asks the agent to read such files; (2) if you plan to pass data to scripts, inspect the sample input and run the Python script locally to confirm outputs and behavior; (3) note the owner is unknown—if you need extra assurance, request the author identity or run the skill in a restricted/sandboxed environment first. Overall there are no install downloads, no network endpoints or credential requests in the package itself.
Review Dimensions
- Purpose & Capability
- okName/description match the contents: SKILL.md and the references are pricing guides and playbooks, and scripts/pricing_modeler.py implements revenue/tier projections consistent with the stated purpose.
- Instruction Scope
- noteRuntime instructions are narrowly focused on pricing tasks. They instruct the agent to read marketing-context.md if present and to gather pricing metrics; reading a local context file is reasonable for this skill but means the agent will access workspace files if they exist — users should avoid placing secrets in such context files.
- Install Mechanism
- okNo install spec and no external downloads; the skill is instruction-only with a small local script. This is the lowest-risk install profile.
- Credentials
- okNo required environment variables, no credentials, and no config paths requested. The requests are proportional to a pricing advisory tool.
- Persistence & Privilege
- okalways is false and the skill doesn't request system-level persistence or modify other skills. Autonomous invocation is allowed by default (normal), but there are no extra privileges requested.