Back to skill
Skillv1.0.1
ClawScan security
competitive analysis · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 31, 2026, 2:37 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only competitive-analysis skill composed of templates and guidance; its requested footprint and runtime instructions are consistent with the stated purpose and do not ask for credentials, installs, or unusual system access.
- Guidance
- This skill appears coherent and low-risk: it only provides templates and step-by-step guidance for competitive analysis and does not request credentials or perform installs. Before installing or using it, consider: 1) provenance — the source/homepage is unknown so verify the author/license if that matters to you; 2) data you supply — the templates ask for product and business details, so avoid pasting sensitive secrets, private customer data, or proprietary attachments into the skill's prompts; 3) collaboration workflows — if you plan to share generated reports widely, review them for confidential information. If you need the skill to never run autonomously, you can disable autonomous invocation in agent settings (the default platform behavior allows autonomous invocation but that is normal and not a red flag here).
Review Dimensions
- Purpose & Capability
- okName/description (competitive analysis based on Zhang Zaiwang) align with the provided content: guidance, workflows, and templates. Nothing in the package requests unrelated resources (no binaries, env vars, or external hosts).
- Instruction Scope
- okSKILL.md instructs the agent to clarify goals and interactively collect user-provided information and then apply structured analysis methods. It does not instruct the agent to read system files, call external endpoints, or access secrets beyond user-supplied product/business information.
- Install Mechanism
- okNo install specification and no code files — instruction-only skill. Nothing is downloaded or written to disk by the skill itself.
- Credentials
- okThe skill declares no environment variables, credentials, or config paths. Templates ask for business/product details (normal for this domain) but do not request secrets or unrelated credentials.
- Persistence & Privilege
- okSkill is not always-enabled and has default invocation settings. It does not request persistent system privileges or modification of other skills' configurations.