Skill v1.0.0

ClawScan security

Ads Incident Tickets · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 3, 2026, 1:14 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This is an instruction-only skill that focuses on triage, severity classification, and ticket payload generation for ad-platform incidents; its requirements and instructions are coherent with the stated purpose and it does not request credentials or install code.
Guidance
This skill is instruction-only and internally consistent with ad incident triage. Before installing or using it: (1) avoid pasting platform credentials or long-lived tokens directly into free-text inputs—use your platform integrations or connection flows instead; (2) when providing logs or events, sanitize any PII you don't want shared; (3) test the skill in a low-impact environment (sample accounts or a staging campaign) to confirm the outputs and ticket payload formats meet your workflow; (4) note the SKILL.md mentions extra channels (Amazon/Shopify/DSP) in keywords—confirm whether you need those included before relying on the outputs. Overall this skill appears coherent and low-risk, but treat any supplied account identifiers or logs as sensitive data.

Review Dimensions

Purpose & Capability
ok
The skill's name, description, and input/output contracts align with an incident-ticketing/triage workflow for advertising platforms. Required inputs (entity_ids, time_window, logs/events) are appropriate for this purpose. A minor note: the high-signal keywords list mentions additional channels (Amazon/Shopify/DSP) not emphasized in the 'Primary scope' heading; this is likely a minor documentation inconsistency, not a security concern.
Instruction Scope
ok
SKILL.md contains clear, scoped runtime instructions: confirm scope, validate freshness, detect anomalies, rank fixes, and emit ticket payloads. It does not instruct the agent to read arbitrary host files, access unspecified environment variables, or POST data to external endpoints. It asks for logs/events as inputs (expected for the task) but does not require ingestion of unrelated system data.
Install Mechanism
ok
No install spec and no code files — instruction-only. There is nothing that will be written to disk or executed on install, which minimizes installation risk.
Credentials
ok
The skill declares no required environment variables, credentials, or config paths. Inputs it requests (entity IDs, logs, owner_contacts) are proportional to an incident-ticketing workflow. There are no unrelated credential requests.
Persistence & Privilege
ok
The skill is not marked always:true and uses default invocation settings. It does not request persistent system presence or modify other skills/config. Autonomous invocation is allowed by platform default but is not combined with other concerning privileges.