Back to skill
Skillv1.0.0
ClawScan security
Homepage Audit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 17, 2026, 8:12 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only conversion-audit checklist that asks for screenshots or URLs to review; it requests no installs, credentials, or special privileges and is coherent with its stated purpose.
- Guidance
- This skill is a standalone checklist and appears coherent and low-risk. Before using it, remember: (1) it may ask you to paste headlines, provide screenshots, or give a public URL — avoid sharing sensitive pages (admin dashboards, pages behind auth) or credentials; (2) the SKILL.md includes an external author/link (brianrwagner.com) — if provenance matters to you, verify the author; (3) because it’s instruction-only, it won’t install code on your machine, but the agent may fetch public URLs you provide, so treat any uploaded screenshots or links as shared data. If you need reviews of private or sensitive pages, prefer screenshots with sensitive data redacted or an offline/manual audit instead.
Review Dimensions
- Purpose & Capability
- okThe name/description match the SKILL.md content: a conversion/homepage audit checklist. There are no unrelated requirements (no binaries, no env vars, no installs) that would be inconsistent with a UX/marketing audit.
- Instruction Scope
- okRuntime instructions are limited to audit steps and scoring guidance. When direct access is unavailable the skill explicitly asks for screenshots, URL, or copy/pasted text — which is appropriate for the stated purpose. The SKILL.md does not instruct the agent to read local files, environment variables, or other system state.
- Install Mechanism
- okNo install spec or code files are present (instruction-only). This minimizes disk writes and arbitrary code execution risk.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. It does contain a public external link attribution to brianrwagner.com, which is informational only and not a secret requirement.
- Persistence & Privilege
- okalways is false and disable-model-invocation is false (normal). The skill does not request persistent/system-level privileges or to modify other skills or agent configs.