ProposalKit
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is a coherent proposal-document generator, with only purpose-aligned cautions around broad triggering, inferred business content, and generated file output.
This looks safe to install for generating proposal packages, but review every generated document before sending it to a client or investor. Pay particular attention to inferred pricing, timelines, payment terms, IP ownership language, and any claims about your team or capabilities.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may create polished proposal documents that look ready to send, including pricing and terms.
The skill instructs the agent to create and deliver multiple generated files. This is expected for a proposal-package generator, but users should know it produces client-facing business artifacts.
Save all files to `/mnt/user-data/outputs/` with naming: ... Use `present_files` to deliver all four.
Review all generated files, especially prices, timelines, legal terms, and client-specific claims, before sharing them externally.
Generated proposals may include assumptions that affect business commitments, pricing, schedules, or terms.
The skill encourages fast generation of 'ready-to-send' business materials and inference of defaults. This is aligned with its purpose, but could lead users to over-trust draft business content.
generates a COMPLETE ready-to-send package... If critical information is missing, ask — but infer sensible defaults for anything non-critical. The goal is to minimize friction.
Treat the output as a draft and verify assumptions before using it in a real bid, quote, proposal, or investor/client communication.
The final behavior may also depend on the platform's public document-generation skills.
The skill relies on platform public document-generation skill instructions that are not included in this artifact set. This appears purpose-aligned, but it is an external instruction dependency.
Before creating the .docx: Read `/mnt/skills/public/docx/SKILL.md` ... `/pptx/SKILL.md` ... `/xlsx/SKILL.md` ... `/pdf/SKILL.md`
If your environment allows reviewing public helper skills, check that the document-generation skills are trusted and appropriate for your files.