Skillv1.0.0

ClawScan security

Positioning Basics · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignFeb 18, 2026, 5:34 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only positioning advisor whose requirements, instructions, and scope align with its stated purpose and it doesn't request installs, credentials, or system persistence.
Guidance: This skill appears coherent and low-risk: it is purely instructional and asks for no installs or credentials. Before using, avoid pasting sensitive PII or unreleased customer data into prompts — instead sanitize or summarize proprietary materials. If you plan to share internal interviews or tickets, confirm you’re comfortable doing so. Note the author/contact link in the doc (brianrwagner.com) if you want to verify the source independently.

Purpose & Capability: okThe name/description (positioning help for founders/marketers) matches the SKILL.md content — templates, questions, tests, and output formats are all relevant. The skill requests no binaries, env vars, or installs, which is proportionate to a guidance/consultant skill.
Instruction Scope: noteInstructions are focused on positioning work and explicitly advise reviewing customer interviews, sales calls, support tickets, and reviews 'if available.' This is within scope, but means the agent may ask for or expect user-provided proprietary materials; the skill does not itself instruct accessing system files or sending data externally.
Install Mechanism: okNo install spec and no code files — lowest-risk model: the skill is instruction-only and writes nothing to disk.
Credentials: okThe skill requires no environment variables, credentials, or config paths, which is appropriate for a positioning/advisory skill.
Persistence & Privilege: okalways is false and the skill is user-invocable; it does not request permanent presence or elevated privileges. Autonomous invocation is allowed (platform default) but there are no other privilege requests.