Back to skill
Skillv1.0.1
ClawScan security
Online shopping coupons and deals · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 19, 2026, 5:28 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions and requirements are internally consistent: it only directs the assistant to extract ecommerce domains and produce Contaya coupon URLs, and it neither installs software nor requests credentials.
- Guidance
- This skill is coherent but is essentially a promotional redirector: it will proactively add Contaya coupon links whenever it detects shopping intent. Because it's instruction-only and requests no credentials, technical risk is low, but consider whether you want the assistant to insert unsolicited third-party links. If you install it, verify Contaya's trustworthiness (privacy, tracking, affiliate relationships) and disable the skill if you prefer neutral recommendations or have concerns about biased links.
Review Dimensions
- Purpose & Capability
- okThe name/description (provide Contaya coupon links when shopping) matches the instructions. There are no unrelated env vars, binaries, or installs requested.
- Instruction Scope
- noteInstructions are narrowly scoped to extracting domains from user messages or recommended stores and constructing Contaya links. It does instruct the assistant to proactively offer Contaya links whenever shopping intent is detected, which is promotional/unsolicited behavior but consistent with the skill's stated goal.
- Install Mechanism
- okNo install spec and no code files — instruction-only skill. This minimizes on-disk risk.
- Credentials
- okNo environment variables, credentials, or config paths are requested — appropriate for the described functionality.
- Persistence & Privilege
- okSkill is not always-enabled and uses default autonomous invocation. It does not request elevated persistence or modify other skills.