Back to skill
Skillv1.0.2
ClawScan security
Generate High-Converting TikTok Ads for Shopify (UGC + Viral Hooks + A/B Testing) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 22, 2026, 6:05 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent with its stated purpose (generating TikTok ad scripts), requests no credentials or installs, and its runtime instructions stay within scope.
- Guidance
- This skill appears coherent and low-risk from a platform-security perspective (no installs, no credentials, no external endpoints). Before using: (1) confirm any outputs comply with advertising rules and platform policies (disclosure/paid promotion rules, banned claims, health/safety regulations), especially because Reali-TEA encourages 'accidental' product reveals and authentic-sounding content that may need disclosure as ads; (2) review generated claims for accuracy and avoid making unverified health or legal assertions; and (3) if you plan to integrate this into an automated workflow, ensure you supply only product data you control (avoid pasting sensitive customer data into prompts).
Review Dimensions
- Purpose & Capability
- okName and description match the actual contents: an instruction-only copywriting skill for TikTok/Shopify ads. The manifest, config.json input/output schema, and SKILL.md are all aligned with that purpose; there are no unrelated environment variables, binaries, or config paths requested.
- Instruction Scope
- okSKILL.md contains only copywriting instructions and output structure (hooks, scripts, CTAs, testing notes). It asks the agent to use only user-supplied product details; it does not instruct reading system files, environment variables, or contacting external endpoints. The Reali-TEA rules modify tone and stage directions but remain within creative scope.
- Install Mechanism
- okNo install spec, no code files to execute, and no downloads or extracted archives. Instruction-only skills present minimal on-disk risk.
- Credentials
- okNo credentials, environment variables, or config paths are required. The skill asks only for product-related input fields defined in config.json—proportionate to a copywriting tool.
- Persistence & Privilege
- okalways is false and default autonomous invocation is unchanged. The skill does not request persistent presence or access to other skills' config; there is no install-time behavior that changes system-wide settings.