Back to skill
Skillv1.0.0
ClawScan security
Social Content Pro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 21, 2026, 9:30 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requested footprint (no installs, no env vars, instruction-only) matches its stated purpose of generating platform-specific social media content.
- Guidance
- This skill appears internally consistent and low-risk: it only contains instructions for writing social posts and requests no secrets or installs. Before using it, consider: (1) verify any hashtags or 'best times' produced by the agent (the instruction to 'research' hashtags is vague and may rely on web queries or model knowledge — validate with current platform trends), (2) don't provide proprietary or sensitive brand credentials in prompts, and (3) review generated copy for compliance, trademark/copyright issues, and platform-specific rules before posting. If you want the skill to use a specific data source for hashtag research (e.g., your analytics or a hashtag API), require explicit configuration/credentials and update the SKILL.md accordingly.
Review Dimensions
- Purpose & Capability
- okName and description align with the runtime instructions: the SKILL.md describes generating platform-native posts, hashtags, hooks, and posting times. Nothing in the metadata asks for unrelated credentials, binaries, or system access.
- Instruction Scope
- noteThe instructions stay on-task (format selection, copywriting, hashtag suggestions, schedule). One potential ambiguity: 'Hashtags: Research and include relevant hashtags' is open-ended and may encourage the agent to perform external searches or call APIs to determine trending tags, but the SKILL.md does not specify any external endpoints, credentials, or data sources.
- Install Mechanism
- okNo install spec and no code files — instruction-only. This minimizes disk/network installation risk.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. That is proportional for a content-generation skill.
- Persistence & Privilege
- okalways is false and the skill is user-invocable with normal autonomous invocation allowed. This is the expected privilege model for a content assistant and does not request elevated or persistent system presence.