Skill v2.0.0

ClawScan security

Product Desc · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 17, 2026, 6:59 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent with its description: it provides product-description templates and local helper scripts, does not request credentials or remote downloads, and only writes local data under a user data directory.
Guidance
This skill appears to do what it says: generate and optimize product descriptions using local shell scripts and templates. It does not request credentials or make network calls. Notes before installing/running:
1) The scripts create a data directory (default: $XDG_DATA_HOME or $HOME/.local/share/product-desc) and write history.log and data.log there — if you prefer no local writes, set PRODUCT_DESC_DIR to a directory you control or run in a sandbox/container.
2) Review the two bundled scripts (they are short, plain Bash) before executing if you want to be extra cautious.
3) No remote downloads or secrets are required, so risk is low for typical use.

Review Dimensions

Purpose & Capability
ok
Name/description (product description, SEO, bullets, compare, localize) match the SKILL.md and the included scripts. There are no unrelated required binaries or secret env vars; the scripts implement templates and CLI helpers appropriate for this purpose.
Instruction Scope
ok
SKILL.md contains prompt templates and clear command examples; it does not instruct the agent to read arbitrary system files, exfiltrate data, or contact external endpoints. The runtime scripts produce templates and accept user input only.
Install Mechanism
ok
No install spec or remote downloads are present. The skill is instruction-first and includes only two local shell scripts and docs — no network installs or archive extraction.
Credentials
note
No required env vars are declared. The included script optionally honors PRODUCT_DESC_DIR and otherwise uses XDG_DATA_HOME or HOME to create a data directory (~/.local/share/product-desc). This is reasonable for local persistence but should be noted if the user expects zero filesystem writes.
Persistence & Privilege
note
always:false (normal). The tool writes logs and a data.log to a per-user data directory (config/history.log, data.log). This is typical for a CLI utility, but it does create persistent files in the user's home directory by default.