Brandomica Lab

Pass

Audited by ClawScan on May 1, 2026.

Overview

This skill is coherent for brand availability checks, but it relies on an external npm MCP package and may send candidate brand names to external services.

This looks like a normal brand-checking MCP skill. Before installing, make sure you trust the npm package source, and avoid checking confidential launch names unless you are comfortable sharing them with Brandomica and any external lookup services it uses.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the skill means trusting the npm package that implements the Brandomica MCP server.

Why it was flagged

The skill installs and runs an external npm package to provide the MCP server. That is expected for this type of skill, but the package implementation is not included in the supplied artifact files.

Skill content

requires:
      bins:
        - npx
...
install:
      - kind: node
        package: brandomica-mcp-server

Recommendation

Install only if you trust the package source and repository, and review the package provenance if your environment is sensitive.

What this means

Confidential product or company names could be exposed to the Brandomica service or third-party lookup services during checks.

Why it was flagged

The skill is designed to check candidate names across external services and registries, so brand names entered by the user may be transmitted outside the local agent context.

Skill content

Full brand check (domains, social, trademarks, app stores, SaaS + availability score + safety assessment)

Recommendation

Avoid submitting highly confidential names unless you are comfortable with the service’s data handling terms.