Skill v1.0.0
ClawScan security
Ads Market Insights · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 4, 2026, 3:17 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only marketing/ads planning helper whose requested inputs and runtime instructions are consistent with its stated purpose and it does not request credentials, installs, or file/system access.
- Guidance: This is a guidance-only marketing skill and appears internally consistent: it asks for campaign inputs (objectives, budgets, channels) and returns planning artifacts without requesting secrets or installing code. Consider these before enabling: (1) provenance is unknown (no homepage/author link) — validate recommendations against your own data and policies; (2) do not treat outputs as authoritative for billing/policy-sensitive changes — test any budget or automation changes with small, controlled experiments; (3) avoid pasting confidential credentials or full account dumps into prompts; and (4) if you later add an implementation that performs account actions (API calls, installs), re-evaluate for credential scope and install risk.
Review Dimensions
- Purpose & Capability: ok. Name, description, and required inputs align with an ad strategy/market-insight helper. There are no unrelated requirements (no cloud credentials, OS-level tools, or unrelated APIs) that would contradict the stated purpose.
- Instruction Scope: ok. SKILL.md contains focused guidance for producing strategy snapshots, channel roles, budget/bidding plans, test matrices and guardrails. It does not instruct the agent to read local files, access secrets, contact external endpoints, or perform actions outside planning and advice.
- Install Mechanism: ok. Instruction-only skill with no install spec and no code files. Nothing will be written to disk or downloaded by the skill itself.
- Credentials: ok. No environment variables, credentials, or config paths are requested. The input contract asks for campaign/business inputs (objective, budget, channel scope) that are proportionate to the stated functionality.
- Persistence & Privilege: ok. Skill is not marked always:true and does not request permanent presence or modify other skills/config. Autonomous invocation is allowed (platform default) but there are no additional privileged requests.
