Back to skill
Skillv1.0.0
ClawScan security
Food Production Sales Operation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 20, 2026, 1:16 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only e‑commerce operations playbook that is internally consistent, asks for no credentials or installs, but it declares broad toolset access (web/terminal/file) that you should review before granting.
- Guidance
- This skill is basically a written operations playbook (SOP) and looks coherent. Before enabling it, check whether your agent platform will grant the declared toolsets (web, terminal, file) automatically — these would allow the agent to browse the web, read/write files, or run commands, which are broader powers than a static playbook needs. Only grant those permissions if you trust the source and are comfortable with the agent accessing files or the web. Also avoid pasting sensitive credentials or confidential data into prompts when using the skill; treat the content as advisory guidance rather than executable automation.
Review Dimensions
- Purpose & Capability
- okThe name and description describe an e‑commerce / food production-sales SOP; the SKILL.md content is a matching playbook of procedures and KPIs. There are no unrelated environment variables, binaries, or install steps that would contradict the stated purpose.
- Instruction Scope
- noteThe runtime instructions are purely procedural advice and SOPs (weekly cadence, KPIs, live-stream parameters) and do not direct the agent to read system files, secrets, or call external endpoints. However, the SKILL.md metadata lists required toolsets [web, terminal, file, calculator], which is broader than the document needs — if the platform will grant those tool permissions automatically, consider that capability separately.
- Install Mechanism
- okNo install spec and no code files; nothing will be written to disk or executed by an installer. This is the lowest-risk install profile.
- Credentials
- okNo environment variables, credentials, or config paths are requested. The skill does not ask for tokens, keys, or other secrets and so the requested scope appears proportionate.
- Persistence & Privilege
- okalways:false and user-invocable:true (default) — the skill is not forced into all agent sessions and does not request persistent elevated privileges or to modify other skills' configurations.