Skill v1.0.0
ClawScan security
Ads Traffic Analysis · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 4, 2026, 5:57 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is instruction-only and its requested scope, inputs, and outputs are consistent with an ads traffic analysis helper; it asks for no credentials or installs and contains no code that contradicts its description.
- Guidance: This skill looks coherent and low-risk: it is instruction-only, asks for no credentials, and stays within the stated ads-analysis purpose. Before installing or using it, consider: (1) If you connect it to real ad platforms later, supply API keys only when needed and use least-privilege credentials; (2) Avoid pasting sensitive account tokens or full raw datasets into chat unless you trust the execution environment; (3) Verify any high-impact recommendations (budget shifts, policy escalations) with a human who has platform access; (4) If you expect the skill to call your analytics/BI systems automatically, confirm where credentials are stored and audited. Overall, the skill appears internally consistent — proceed with normal operational caution.
Review Dimensions
- Purpose & Capability: ok. The name/description (traffic mix decomposition, trend anomaly diagnosis across ad platforms) aligns with the SKILL.md workflow, input/output contract, decision rules, and examples. There are no unexpected requirements (no cloud creds, no unrelated binaries) that would be incoherent with the stated purpose.
- Instruction Scope: ok. SKILL.md instructs the agent to disambiguate metrics, build query plans, compute deltas, summarize, and recommend actions. It does not tell the agent to read arbitrary local files, probe system state, or transmit data to hidden endpoints. Escalation/hand-off guidance is limited to structured payloads and is appropriate for analysis workflows.
- Install Mechanism: ok. No install spec and no code files are present, so nothing is written to disk and there are no external packages or downloads. This is the lowest-risk model for a skill of this type.
- Credentials: ok. The skill declares no required environment variables, credentials, or config paths. That is proportionate for a guidance/analysis skill that expects user-supplied data inputs rather than direct API access. If the agent later needs to call platform APIs, those credentials would need to be provided explicitly at use time.
- Persistence & Privilege: ok. `always` is false and the skill does not request persistent modifications to agent/system settings. There is no attempt to modify other skills or require permanent presence.
