Skillv1.0.0

ClawScan security

Revenue Operations · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 9, 2026, 3:34 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's files, instructions, and required inputs are consistent with a RevOps toolkit that runs local Python analysis scripts; it does not request secrets, installers, or external network access in the visible code.
Guidance: This skill is internally consistent with its stated purpose, but you should still: (1) confirm Python 3 is available in the runtime before use; (2) review the other two scripts (pipeline_analyzer.py and gtm_efficiency_calculator.py) locally to ensure they don't make network calls or access unexpected files before running in a production environment; (3) run the tools first on the included sample JSON files to verify outputs; (4) avoid feeding production secrets or live CRM exports into any third-party skill until you have reviewed the code and are comfortable with it; and (5) if you plan to let agents invoke this autonomously, consider limiting that capability unless you trust the skill and the agent's scope.

Purpose & Capability: okName/description match the included templates and three Python scripts (pipeline analysis, forecast accuracy, GTM efficiency). The supplied sample inputs, report templates, and reference docs are all appropriate and proportional to a revenue-operations toolkit.
Instruction Scope: okSKILL.md instructs running the local Python scripts against JSON input files and describes expected outputs and workflows. The instructions do not ask the agent to read unrelated system files or transmit data to external endpoints; verifying input data and cross-checking against a CRM are reasonable user workflows for this purpose.
Install Mechanism: okThere is no install spec and all code appears bundled with the skill. No network downloads or archive extraction are present in the manifest. Scripts are Python-based and will run locally if Python is available.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. The visible script (forecast_accuracy_tracker.py) uses only standard libraries (argparse, json, sys) and does not reference environment variables or credential material.
Persistence & Privilege: okFlags show always:false and default autonomous invocation allowed; that is expected. The skill does not request persistent system privileges or attempt to modify other skills or global agent configuration in the provided materials.