Skill v1.0.0
ClawScan security
onboarding-cro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 11, 2026, 3:24 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files and runtime instructions match its stated purpose (onboarding/CRO); it includes a harmless local funnel analyzer and requests no credentials or installs.
- Guidance: This skill appears coherent and low-risk, but before installing: (1) review any .claude/product-marketing-context.md or other workspace files the agent might read to ensure they don't contain sensitive secrets, (2) if you plan to run the included Python script, inspect it (it's short and benign) and run it on local sample data first, and (3) if you don't want the agent to read workspace context files, remove or redact them or avoid invoking the skill. If you want higher assurance, run the script in a sandboxed environment with non-sensitive JSON input.
Review Dimensions
- Purpose & Capability (ok): The name/description (onboarding CRO) align with the contents: a detailed SKILL.md about onboarding best practices and a Python script that analyzes activation funnels. Nothing required by the skill (no env vars, no binaries, no installs) is unrelated to its purpose.
- Instruction Scope (note): SKILL.md gives explicit, bounded instructions for onboarding audits and flow design. It instructs the agent to read .claude/product-marketing-context.md if present — this is reasonable (product context) but means the skill will read a workspace file if available. That file can contain sensitive product information, so users should review it before allowing the skill to access it.
- Install Mechanism (ok): No install spec (instruction-only) and the included script is a small, local Python analyzer. There are no network downloads, archive extracts, or package installs referenced. The script reads local JSON or uses embedded sample data and prints results; it contains no obfuscated code or outbound network calls.
- Credentials (ok): The skill requests no environment variables, credentials, or config paths. The only external data access it mentions is an optional .claude/product-marketing-context.md in the workspace; otherwise it operates on explicit funnel JSON inputs or sample data.
- Persistence & Privilege (ok): always is false, the skill is user-invocable, and it doesn't request persistent presence or modify other skills or agent-wide settings. Autonomous invocation is allowed by default but not unusual; no extra privilege escalation indicators are present.
