Skill v1.0.0

ClawScan security

Newsletter Creation Curation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 18, 2026, 9:34 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's content and requirements match its newsletter-creation purpose, but the manifest sets always: true (force-included in every agent run) without justification. That is an unjustified elevation of the skill's standing privileges and does not fit a simple instruction-only workflow.
Guidance
This skill appears to do what it says: a structured playbook and templates for B2B newsletters with reasonable approval logic. The main red flag is always: true. Ask the publisher why this skill must be force-included in every agent run and request that they remove the flag or document a clear justification. Before installing:
(1) verify the source and author (the homepage in the metadata points to a GitHub account; confirm that it belongs to the publisher);
(2) run the skill in a sandboxed agent, or grant it explicit invocation rights only, and do not enable always-included behavior;
(3) inspect PLAYBOOK.md and the templates for any content you would not want published automatically;
(4) if you operate in a regulated environment, make sure the role and approval steps described in the skill are enforced by your agent policy, so the skill cannot send out content or make external requests without explicit human approval.
If the publisher provides a rationale for always: true that fits your use case, re-evaluate with that justification; otherwise treat the current manifest as a policy/privilege misconfiguration rather than as direct malicious behavior.

Review Dimensions

Purpose & Capability
ok · Name, description, and included files (SKILL.md, PLAYBOOK.md, templates, examples) are coherent: all artifacts support industry- and stage-aware newsletter creation. No binaries, installs, or unrelated environment variables are requested.
Instruction Scope
ok · Runtime instructions are a structured decision tree and drafting workflow that reference only the local templates and the PLAYBOOK. They do not instruct the agent to read arbitrary system files, access external endpoints, or exfiltrate secrets. Suggested data sources (e.g., "your own sales calls") are user-provided context, not automatic system access.
Install Mechanism
ok · The skill is instruction-only, with no install spec and no code files to execute. Nothing is written to disk or run at install time, which removes the install-mechanism risk.
Credentials
ok · The skill declares no required environment variables, credentials, or config paths. The inputs it asks for are contextual (ICP, cadence, approvals) and proportionate to the stated purpose.
Persistence & Privilege
concern · The registry metadata sets always: true. For an instruction-only newsletter workflow, force-inclusion in every agent run is unnecessary and raises risk: it bypasses the usual eligibility gates, so the skill can be pulled into contexts where the user never intended to use it. Allowing autonomous invocation (disable-model-invocation: false) is normal on its own, but combined with always: true it enlarges the blast radius, because the skill is both always present and invocable without an explicit user request.
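The guidance above asks reviewers to check a skill's manifest before installing it, and the Persistence & Privilege finding turns on a single flag. The following added example (written for this report; it is neither ClawHub's scanner nor the skill's own code) is a small pre-install lint that reads a SKILL.md, maps what it finds onto the report's review dimensions, and flags the always: true / model-invocable combination. It assumes an OpenClaw-style layout that the page does not show: a YAML frontmatter block fenced by "---" lines with one key per line, and a metadata: value that is a one-line JSON object nested under "openclaw". The two manifests at the bottom are constructed samples, one modelled on the flagged skill and one with the flag removed, which is the change the guidance asks the publisher for.

```python
"""Pre-install lint for a skill's SKILL.md frontmatter.

Added example for this report, not ClawHub's scanner or the skill's own code.
It assumes an OpenClaw-style layout (not shown on the page): a leading YAML
block fenced by '---' lines with one `key: value` per line, where the
`metadata:` value is a one-line JSON object nested under "openclaw".
"""
import json
import re
from dataclasses import dataclass

FRONTMATTER = re.compile(r"\A---\n(.*?)\n---\n", re.S)
URL = re.compile(r"https?://[^\s)>\"']+")


@dataclass
class Finding:
    severity: str   # "info" or "concern"
    dimension: str  # the review dimension from the report it maps to
    message: str


def split_skill(skill_md: str) -> tuple[dict, str]:
    """Return (frontmatter keys, instruction body) for one SKILL.md."""
    m = FRONTMATTER.match(skill_md)
    if not m:
        return {}, skill_md
    fm: dict = {}
    for line in m.group(1).splitlines():
        if not line or line[0].isspace() or ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "metadata":
            fm[key] = json.loads(value)          # assumed: JSON object on one line
        elif value in ("true", "false"):
            fm[key] = value == "true"
        else:
            fm[key] = value.strip("\"'")
    return fm, skill_md[m.end():]


def lint_skill(skill_md: str) -> list[Finding]:
    """Apply the report's review dimensions to one SKILL.md."""
    fm, body = split_skill(skill_md)
    meta = fm.get("metadata", {}).get("openclaw", {})   # assumed nesting
    requires = meta.get("requires", {})
    findings: list[Finding] = []

    # Install Mechanism: any install spec means code is fetched and written to disk.
    if meta.get("install"):
        findings.append(Finding("concern", "Install Mechanism",
                                f"declares {len(meta['install'])} install step(s)"))
    # Credentials / capability: env vars and binaries must fit the stated purpose.
    for name in requires.get("env", []):
        findings.append(Finding("info", "Credentials", f"requires env var {name}"))
    for name in requires.get("bins", []):
        findings.append(Finding("info", "Purpose & Capability", f"requires binary {name}"))
    # Instruction Scope: external endpoints named in the runtime instructions.
    for url in sorted(set(URL.findall(body))):
        findings.append(Finding("info", "Instruction Scope", f"references {url}"))
    # Persistence & Privilege: always: true force-includes the skill in every run,
    # bypassing eligibility gates; with model invocation allowed the blast radius grows.
    if meta.get("always") is True:
        msg = "always: true force-includes the skill in every agent run"
        if not fm.get("disable-model-invocation", False):
            msg += " and the model may invoke it autonomously"
        findings.append(Finding("concern", "Persistence & Privilege", msg))
    return findings


def verdict(findings: list[Finding]) -> str:
    """Mirror the report: any 'concern' finding makes the skill suspicious."""
    return "suspicious" if any(f.severity == "concern" for f in findings) else "ok"


# Constructed sample modelled on the report's case: instruction-only, force-included.
NEWSLETTER_SKILL = """---
name: newsletter-creation-curation
description: Industry- and stage-aware B2B newsletter playbook and templates.
homepage: https://example.com/publisher
disable-model-invocation: false
metadata: {"openclaw": {"always": true}}
---
# Newsletter Creation

Work through the decision tree in PLAYBOOK.md, draft from templates/, and stop
for the approval step before anything is published.
"""

# The manifest the guidance asks the publisher for: same skill, flag removed.
HARDENED_SKILL = NEWSLETTER_SKILL.replace('"always": true', '"always": false')


if __name__ == "__main__":
    for label, text in (("current", NEWSLETTER_SKILL), ("hardened", HARDENED_SKILL)):
        findings = lint_skill(text)
        print(f"{label}: {verdict(findings)}")
        for f in findings:
            print(f"  [{f.severity}] {f.dimension}: {f.message}")
```

Run against the first sample, the lint returns exactly one concern, in the Persistence & Privilege dimension, noting that the skill is both force-included and model-invocable; against the hardened copy it returns nothing and the verdict falls back to ok. Env vars, binaries and URLs are reported as info rather than concerns because, as the report notes, they are acceptable when proportionate to the stated purpose; that judgement stays with the reviewer.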