Back to skill
Skillv1.0.0
ClawScan security
Ads Pixel Readiness · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 4, 2026, 3:19 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only checklist for auditing ad pixels and attribution readiness and its requirements and instructions are coherent with that purpose.
- Guidance
- This skill is an advisory checklist — it doesn’t request credentials or install code, so it’s coherent for producing audit findings and action plans. Before using it: (1) don’t paste full account API keys or passwords into chat; if you want automated checks, provide read-only credentials or exports of logs only, and limit scope. (2) Treat any recommended 'containment' or platform actions as human-reviewed steps before executing them. (3) If you expect the agent to call ad-platform APIs, confirm how credentials will be supplied and prefer least-privilege (read-only) access or use temporary tokens. (4) If you need integrations that perform changes, prefer a separate, well-scoped automation with explicit credential handling and auditing.
Review Dimensions
- Purpose & Capability
- okName and description (pixel/install/event integrity/attribution) match the SKILL.md content. Declared inputs (entity_ids, incident_or_audit_scope, time_window, optional logs) are appropriate for an audit-oriented skill. No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope
- okSKILL.md contains operational audit steps, decision rules, examples, and output contracts. It does not instruct reading arbitrary system files, accessing environment variables, or calling unexpected external endpoints. It stays within advisory/audit scope rather than automating platform logins or API calls.
- Install Mechanism
- okNo install spec or code files are present; this is instruction-only so nothing is written to disk or downloaded.
- Credentials
- noteThe skill requests structured inputs (entity IDs, logs, owner contacts) but does not request platform credentials. This is coherent if the skill is intended to produce human-actionable plans from provided data; if the user expects the skill to make API calls or take actions, credentials would be required and should be scoped (read-only) and provided deliberately.
- Persistence & Privilege
- okalways is false and the skill is user-invocable. It does not request persistent system presence or modify other skills or agent-wide settings.