Skill v1.0.0

ClawScan security

content-factory · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 27, 2026, 2:15 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements and instructions are coherent with its stated purpose (multi-agent content production); it is an instruction-only skill that doesn't request extra credentials or installs, though you should be mindful about optional network usage and voice-cloning misuse.
Guidance
This skill appears internally consistent for generating and remixing content; it doesn't ask for secrets or install anything. Before installing: (1) Decide whether to enable network/sub-agent spawning — if you enable it, the agent could fetch URLs or call cloud APIs, so only enable with appropriate access controls. (2) Avoid feeding private or sensitive data (personal PII, confidential documents, or proprietary source material) into the skill. (3) Be cautious with the voice-cloner prompt — it can reproduce writing styles and could be misused for impersonation; only use it with samples/consent you are allowed to copy. (4) Review generated content for factual accuracy, copyright, and any policy/theological constraints referenced in the prompts. If you want, restrict the skill's network capability or inspect agent logs the first few runs to confirm behavior matches your expectations.

Review Dimensions

Purpose & Capability
ok: Name/description (content production, multi-agent personas) match the provided files and templates. No unexpected binaries, env vars, or config paths are requested. All declared behaviors (reading source content, writing drafts) are appropriate for the stated purpose.
Instruction Scope
note: SKILL.md and prompt files describe only content-generation tasks and expected I/O (read source content, write outputs). A couple of items merit attention: the 'voice-cloner' prompt explicitly trains/writes in another author's voice (which can enable stylistic impersonation) and the research pipeline expects source URLs/excerpts (which implies fetching/using external sources if network access is enabled). These are consistent with the purpose but are higher-risk uses of content-generation features and should be used with policy safeguards and user consent.
Install Mechanism
ok: No install spec and no code files — instruction-only. This is low-risk from an installation/execution perspective because nothing is downloaded or installed by the skill itself.
Credentials
note: The skill declares no required environment variables, credentials, or config paths — proportional and minimal. It does note 'sub-agent spawning' as optional; if you enable that or grant network access, external API keys or cloud credentials could become relevant in practice, so only enable those capabilities when needed and understand what endpoints will be called.
Persistence & Privilege
ok: always:false and the skill does not request permanent presence or modify other skills. Default autonomous invocation remains possible, which is platform-normal and not itself a negative here.