Skillv1.0.0

ClawScan security

social-media-manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 11, 2026, 3:51 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's files, runtime instructions, and requested resources are consistent with a social-media strategy/calendar generator and do not ask for unrelated credentials or privileged access.
Guidance: This skill appears coherent and low-risk for its stated purpose, but take these precautions before installing: 1) Inspect marketing-context.md (if provided) to ensure it contains no secrets or credentials — the skill will read it for context. 2) Review the included Python script yourself (it appears to use only the Python stdlib and generates calendars locally) before running, especially if you will execute it in your environment. 3) Run the script in demo mode or in an isolated environment first to verify behavior. 4) If you intend to connect this skill to real social accounts later, only provide platform credentials through well-scoped integrations (not by pasting secrets into marketing-context.md).

Purpose & Capability: okName/description (social media strategy, calendars, community management) align with SKILL.md content and the included Python script which generates content calendars. No unrelated binaries, services, or credentials are requested.
Instruction Scope: okSKILL.md stays on-topic: it asks for marketing context, goals, and resources and instructs the agent how to build strategies and calendars. It does instruct the agent to read marketing-context.md if present, which is reasonable for the skill's purpose but means the agent will access a local file when available.
Install Mechanism: okNo install spec is provided and the included script claims to be 100% stdlib Python (no pip installs). That minimizes disk/network installation risk.
Credentials: okThe skill declares no required environment variables, no credentials, and no config paths beyond optionally reading marketing-context.md. Requested access is proportionate to a content-planning tool.
Persistence & Privilege: okalways is false and the skill is user-invocable; it does not request persistent or elevated platform privileges or modifications to other skills.