Back to skill
Skillv1.0.0
ClawScan security
Mit24 Team Building · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 1, 2026, 7:10 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only guidance skill for defining an MVBP, preparing demos, and building a core startup team; its requirements and instructions are coherent with that purpose and it does not request unusual system access or installs.
- Guidance
- This skill is coherent and low-risk from a system-access perspective because it contains only instructions and requests no credentials or installs. Before using: (1) remember it may ask for business-sensitive details (customer lists, revenue projections, contract terms) — don't paste secrets or credentials; (2) provenance is unknown (no homepage or author info), so treat recommendations as general guidance and cross-check with trusted sources or advisors; (3) if you plan to share real customer data for feedback templates, sanitize or anonymize it first.
- Findings
[static-scan-none-found] expected: The regex scanner found no code-level patterns; this is expected because the skill is instruction-only (SKILL.md only). Absence of findings is not a guarantee of safety but aligns with the skill's instruction-only nature.
Review Dimensions
- Purpose & Capability
- okName/description (MVBP, demo, team-building) match the SKILL.md content. The skill is instruction-only and does not request unrelated binaries, environment variables, or credentials.
- Instruction Scope
- okSKILL.md sticks to product-spec, demo scripts, feedback collection, and team-role guidance. It references earlier steps for context but does not instruct the agent to read system files, fetch external URLs, or exfiltrate data.
- Install Mechanism
- okNo install spec and no code files are present, so nothing will be written to disk or installed by the skill.
- Credentials
- okNo environment variables, credentials, or config paths are required. The outputs are document templates and plans appropriate for the stated purpose.
- Persistence & Privilege
- okFlags show default behavior (not always: true). The skill does not request permanent presence or elevated privileges and will not modify other skills or system configurations.