signup-flow-cro

Pass

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a normal signup optimization helper with scoped local context use and an optional local analyzer script, with no evidence of credential theft, exfiltration, or destructive behavior.

Before installing, know that this skill may use `.claude/product-marketing-context.md` if present and includes an optional Python funnel analyzer for local data. Keep sensitive information out of context/funnel files unless you intend the agent to use it, and verify any suggested privacy, security, or trust claims before publishing them.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Product or marketing context from that local file may be incorporated into the agent's reasoning and recommendations.

Why it was flagged

This directs the agent to use an existing local project context file. It is scoped and relevant to marketing analysis, but the file may contain sensitive, stale, or overly influential business context.

Skill content

If `.claude/product-marketing-context.md` exists, read it before asking questions. Use that context...

Recommendation

Keep the context file limited to intended non-secret product information and review recommendations for accuracy.

What this means

If you choose to run the helper, it will execute local Python code and read the funnel data file or stdin you provide.

Why it was flagged

The package includes a local executable Python helper that can process funnel data from a JSON file or stdin. This is purpose-aligned and not shown to run automatically.

Skill content

#!/usr/bin/env python3 ... Usage: python3 funnel_drop_analyzer.py --steps steps.json ... --stdin

Recommendation

Run the helper only on intended local funnel data and inspect the script before use if you require high assurance.

What this means

You have less external context for verifying the publisher, release history, or maintenance source.

Why it was flagged

The artifacts do not provide an upstream source or homepage, which limits provenance verification, especially because a helper script is included.

Skill content

Source: unknown; Homepage: none

Recommendation

Install only if you trust the registry owner or have reviewed the included artifacts.

What this means

Following the advice without validation could lead to inaccurate privacy or security claims on a signup page.

Why it was flagged

The CRO guidance suggests trust, privacy, and security copy. This is normal for signup optimization, but such claims should be true and verified before being published.

Skill content

Privacy note: "We'll never share your email" ... Security badges if relevant

Recommendation

Use trust badges, privacy assurances, and compliance/security wording only when they accurately reflect the product's policies and controls.