Skill v1.0.0
ClawScan security
paywall-upgrade-cro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 11, 2026, 3:24 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This is an instruction-only paywall/CRO advisor whose requested actions and scope match its description; it does not request extra credentials or installs.
- Guidance: This skill appears coherent and low-risk: it is instruction-only and matches its stated purpose. Before installing, check that any workspace context files it may read (e.g., .claude/product-marketing-context.md or references/experiments.md) do not contain secrets or credentials you wouldn't want the agent to read. Because the skill can run when invoked by the agent, avoid placing sensitive tokens or private keys in project files accessible to the agent. If you want stricter control, disable autonomous invocation for your agent or remove sensitive files from the workspace.
Review Dimensions
- Purpose & Capability (ok): The SKILL.md content is focused on in-app paywalls, upgrade screens, triggers, copy, and A/B ideas which aligns with the name/description; there are no unrelated dependencies, environment variables, or binaries requested.
- Instruction Scope (note): The runtime instructions tell the agent to read a local context file if present ('.claude/product-marketing-context.md') and reference other docs (references/experiments.md). Reading a product-marketing context file is reasonable for personalized recommendations, but it does allow the skill to access workspace files if they exist — review those files for sensitive data before use.
- Install Mechanism (ok): No install spec and no code files — instruction-only skill. This minimizes disk/write risk.
- Credentials (ok): The skill declares no required env vars, credentials, or config paths. Nothing disproportionate is requested for a CRO/paywall advisor.
- Persistence & Privilege (ok): always is false and it is user-invocable (normal). The skill can be invoked autonomously by the agent (disable-model-invocation=false) which is the platform default; this is expected and not by itself a problem.
