Back to skill
Skillv1.0.3
ClawScan security
Find Community · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 7, 2026, 9:37 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only advisory skill that stays within its stated purpose (helping users identify communities for minimalist businesses) and requests no credentials, binaries, or installs.
- Guidance
- This skill appears low-risk: it is purely instructional and asks the user to describe their communities and problems. Before installing, confirm you trust the publisher (the README references an external GitHub repo), and be mindful not to share sensitive personal or account credentials when using the skill. Because it can be invoked autonomously by the agent (the platform default), review how your agent uses installed skills if you are concerned about automated runs — but autonomous invocation alone is normal and not a red flag here.
Review Dimensions
- Purpose & Capability
- okName, description, README, and SKILL.md are consistent: the skill guides users through identifying communities and evaluating problems. The README's attribution to the Minimalist Entrepreneur repo is plausible and consistent with the skill content.
- Instruction Scope
- okSKILL.md contains only conversational guidance and a question/evaluation framework. It does not instruct the agent to read files, call external endpoints, or access environment variables. It will ask users for personal/community information (expected for this purpose) which may be sensitive depending on what the user shares.
- Install Mechanism
- okNo install spec and no code files — instruction-only. Nothing will be written to disk or installed by the skill itself.
- Credentials
- okRequires no environment variables, credentials, or config paths. There are no declared secrets or external service tokens required.
- Persistence & Privilege
- okalways is false and normal autonomous invocation is allowed (platform default). The skill does not request persistent system presence or modify other skills/configs.