Skill v1.3.1
ClawScan security
PM Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 18, 2026, 1:16 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only Product Manager knowledge pack (Markdown files + SKILL.md) that requires no credentials, binaries, or installs and is consistent with its stated purpose.
- Guidance: This skill is an instruction-only PM knowledge pack (SKILL.md + Markdown modules). It appears coherent and safe in that it requests no creds, binaries, or installs and contains no scripts. Before installing, you should: (1) Inspect SKILL.md and the knowledge/ and templates/ files (they are human-readable Markdown) to confirm content matches your expectations; (2) If you install using npx or clawhub, be aware those commands will download code from external sources; review the remote repo first if you want to avoid fetching anything you haven't inspected; (3) Do not paste sensitive customer data, PII, or credentials into prompts; while the skill itself does not exfiltrate data, your LLM provider (Claude/Codex/etc.) will receive whatever you send and may store or process it per their policies; (4) Note the license (CC BY-NC-SA 4.0) if you plan to reuse or redistribute content; (5) If you need stronger guarantees, run the skill in an environment where the files are loaded locally (e.g., upload SKILL.md + sibling folders to a controlled Claude Project or local agent) so you avoid network fetches at install time.
Review Dimensions
- Purpose & Capability: ok. Name, description, and required artifacts align: the skill is a PM operator that loads local Markdown knowledge and templates. It does not request unrelated credentials, binaries, or system paths.
- Instruction Scope: ok. Runtime instructions direct the agent to load and apply the included knowledge and templates (knowledge/, templates/, examples/). There are no steps that ask the agent to read unrelated system files, environment variables, or transmit data to unknown endpoints. The guidance to 'load' sibling files is consistent with an instruction-only skill.
- Install Mechanism: ok. No install spec is included in the registry metadata and there are no scripts or binary installs in the bundle. README suggests optional user-run commands (clawhub / npx) to fetch the repo, but the package itself is pure Markdown and contains no executable install steps.
- Credentials: ok. The skill declares no required environment variables, credentials, or config paths. The files are static Markdown; nothing in SKILL.md or README asks for secrets or unrelated credentials.
- Persistence & Privilege: ok. The skill does not request 'always: true' or elevated privileges. It is instruction-only and does not attempt to modify other skills or system-wide settings.
